
Cisco Unified Communications Manager + Unity Connection

Installation, Configuration, and Operation of a completely functional VoIP infrastructure

Jacob Adlon, CCNP CIS Senior Projects

Spring 2014


Table of Contents

Project Plan --- TAB A
  Project Description
  Equipment and Software
  Detailed Objectives
  Time Estimates (In Hours)
Project Analysis --- TAB B
  Revised Project Plan
  Time Estimate Analysis
  Final Advice
Project Presentation --- TAB C
Project Topology --- TAB D
  Topology Diagram
  Physical Equipment
IP Addressing, Interface Assignments, & VLANs --- TAB E
  IP Subnets and VLANs
  VLAN 64 - VoIP Subnet A
  VLAN 65 - VoIP Subnet B
  VLAN 66 - Data Subnet A
  VLAN 67 - Data Subnet B
  VLAN 68 - Lab Subnet
  VLAN 69 - WIFI Subnet
  VLAN 70 - Management Subnet
  Interface List
  Switch - MLS_3550_A
  Switch - MLS_3550_B
  Router - RTR_2801
  Router - RTR_2620XM
  Cisco 2509 - Access_Server
  APC MasterSwitch Power Distribution Unit
Initial Configuration --- TAB F
  Access Server
  Power Distribution Unit
  Routers
  RTR_2801
  RTR_2620XM
  Switches
  MLS_3550_A
  MLS_3550_B
DHCP, NAT, & WAP --- TAB G
  Dynamic Host Configuration Protocol (DHCP)
  MLS_3550_A
  MLS_3550_B
  Network Address Translation (NAT)
  RTR_2801
  Wireless Access Point (WAP)
Security --- TAB H
  Authentication, Authorization, and Accounting (AAA)
  Port Security
  Zone-Based Firewall (ZBF) & Secure Shell (SSH) Access
  Site-to-Site VPN with Pre-Shared Key
Operating System Virtualization & Installation --- TAB I
  VMware Setup
  Cisco Unified Communication Manager & Cisco Unity Connection
  Pre-Installation
  Installation
  Ubuntu Server, CentOS, Windows Server, & Windows 7 Installation
Basic Operating System Configuration --- TAB J
  Windows 7 / Windows Server
  Ubuntu Server & CentOS
Windows Server Domain Controller & DNS --- TAB K
  Promote Windows Server 2012 to a Domain Controller
  Setup Windows Server for DNS
FTP, Syslog, & Config Backup --- TAB L
  File Transfer Protocol (FTP)
  Syslog & Config Backup
  Router/Switch Configuration
  Kiwi Syslog Server
CUCM Distributed Multisite Deployment --- TAB M
  CUCM Initial Setup
  Creating a Device Pool in CUCM
  Adding Phones to CUCM
Voicemail with Cisco Unity Connection --- TAB N
  Voicemail Setup
  Part 1 CUCM Configuration
  Part 2 CUC Configuration
Lightweight Directory Access Protocol --- TAB O
  Syncing Active Directory with LDAP
  LDAP Authentication
Media Gateway Control Protocol --- TAB P
  Preparing the Routers for MGCP configuration
  Configuring FXS ports using MGCP
  Configuring T1 lines using MGCP
  Troubleshooting MGCP
  RTR_2801
  RTR_2620XM
  Show Commands
Phone Features --- TAB Q
  Call Park
  Call Pickup
  Display & Line Text
  Intercom
Inter-Cluster Trunks --- TAB R
  Creating an Inter-Cluster Trunk
Creating a CUCM Route Plan --- TAB S
  Route Plan Fundamentals
  Configuring Route Groups in CUCM
  Configuring Route Lists in CUCM
  Configuring Route Patterns in CUCM
Creating a PSTN Dial Plan --- TAB T
  Creating a PSTN Route List
  Creating a Manual PSTN Dial Plan
Survivable Remote Site Telephony --- TAB U
  Enabling Advanced SRST Functionality
  Dial-Peer Configuration
Quality of Service --- TAB V
  AutoQoS
Final Device Configurations --- TAB W
  Routers
  Access_Server
  RTR_2801
  RTR_2620XM
  Switches
  MLS_3550_A
  MLS_3550_B
Verification & Testing --- TAB X
  Verification of Functionality
  Ping Tests
  Wireshark Capture
Project Weekly Journals --- TAB Y
Project Summary & References --- TAB Z
  Project Summary
  Project References

Project Plan

Project Description
Design and Implement a fully functional CUCM (Cisco Unified Communications Manager) network capable of placing internal calls, as well as calling between multiple CUCM clusters. Additionally, setup a CUC (Cisco Unity Connection) server to handle voicemail, utilize SRST (Survivable Remote Site Telephony) if communication to the CUCM servers is lost, and configure devices to call across a PSTN connection in the event of a WAN link failure. Furthermore, setup various servers, workstations, and Cisco technologies to create a complete and functional network infrastructure.

Equipment and Software


Desktop Computer
  o Windows 8.1 Professional 64-bit
      - Intel Core i7-4770K 3.5 GHz CPU
      - 32 GB RAM
      - 2 NICs to bridge VMs to different subnets
  o VMware Workstation 10.0
      - Windows 7 Ultimate
      - Windows Server 2012 R2
      - Ubuntu Server 13.10
      - CentOS 6.5
      - Cisco Unified Communications Manager 8.6
      - Cisco Unity Connection 8.6
  o Kiwi Syslog
  o Tftpd64
  o Cisco Configuration Professional 2.7
  o EdrawSoft Edraw Max
  o Cisco IP Communicator 8.6
  o SecureCRT
  o HyperSnap
Networking Equipment
  o APC AP9211 MasterSwitch Power Distribution Unit w/ Web Management Card
  o Cisco 2509 8-Port Terminal Access Server w/ Octal Cable and AUI Transceiver
  o Cisco 3550 24-port L3 Switch w/ inline power
  o Cisco 3550 48-port L3 Switch
  o Cisco 2801 ISR w/ VWIC-1MFT-T1, VIC-4FXS/DID, VIC2-2FXO, WIC-2T
  o Cisco 2620XM ISR w/ NM-HD-2VE (VIC-2DID & VWIC-1MFT-T1), WIC-2T
  o D-Link DIR-601 Wireless N150 Home Router (Configured to serve as a WAP)
  o Cisco 7940 IP Phones (x2) - w/ power adapters
  o Cisco 7960 IP Phones (x2) - powered through PoE
  o Analog Phones (x2)

Detailed Objectives
Research
  o Setup and configure a CUCM server
  o Setup and configure a CUC server
  o Connect Cisco router to ISP using NAT
  o Enable appropriate level of security to protect network
  o Enable SRST on Cisco routers
  o Configure a T1 VWIC to setup a PSTN connection
  o Advanced Cisco VoIP configurations
Design
  o Network Topology Diagram
  o IP Addressing Scheme
  o Server/Workstation Environment
      - Windows 7
      - Windows Server 2012
      - Ubuntu Server 13.10
      - CentOS 6.5
  o Dial Plans
  o Voicemail configurations
  o Firewall Restrictions
  o QoS Implementation
  o Routing & Switching to establish full connectivity across all devices
      - Routing Protocols
      - Static Routes
      - NAT
      - DHCP
  o VoIP connectivity
  o Analog Phone connectivity
  o Implement appropriate phone features
      - Voicemail
      - Call Park
      - Intercom
      - Call Pickup
  o Appropriate firewall settings on 2801 router
  o SRST failover on routers
  o Wireless connectivity
Testing
  o Confirm connectivity between all network devices
  o Confirm all IP and Analog phones can make/receive calls
  o Confirm voicemail system works properly
  o Confirm IP phones failover to SRST router when CUCM connectivity is lost
  o Verify call quality and that calls are successful between clusters
Documentation
  o Project Plan
  o Project Analysis
  o Network Topology
  o Router Configuration Guide
  o Switch Configuration Guide
  o CUCM Configuration Guide
  o CUC Configuration Guide
  o Server/Workstation Configuration Guide
  o Router/Switch Show Commands
      - Running Configurations, Routing Tables, etc.
  o Ping Tests
  o Project Weekly Journals
  o Research References

Time Estimates (In Hours)


Research          15
Installation      20
Configuration     45
Testing           25
Documentation     35
Total            140

Project Analysis

Revised Project Plan


Practically every aspect of this project was accomplished as originally envisioned; however, the scope was expanded to include some enhanced functionality, and some less important aspects were dropped. Initially, the network was going to be limited to a single CUCM server (using a centralized single site model), but after much consideration a second CUCM server was added (upgrading it to a distributed multisite model). Rather than one CUCM server handling all of the call processing, the work was divided between two servers, with each one handling calls at its own site (i.e. on opposite sides of the WAN link). This not only increases redundancy, but decreases the amount of traffic crossing the WAN link. SRST was also enhanced to utilize the CUCM Express functionality of both routers, and dial-peers were configured on the routers to maintain connectivity between all of the phones. This setup permits semi-normal operation even if both CUCM servers and/or the WAN link fail. Additionally, the Linux servers on the network were originally going to serve a purpose, but proved to be more trouble than they were worth. Some network monitoring functionality was going to be incorporated into the project (i.e. Cacti), but since it refused to work properly, and was beyond the scope of this project, it was dropped.

Time Estimate Analysis


Category         Estimated (Hours)   Actual (Hours)   Percent Difference
Research                15                 30              + 100%
Installation            20                  5              - 75%
Configuration           45                 40              - 11%
Testing                 25                  5              - 80%
Documentation           35                 40              + 14%
Total                  140                120              - 14%

The configuration, documentation, and total time estimates weren't too far off; however, research, installation, and testing were far above or below the original estimates.

Research took up more time than expected, mostly due to the number of CBT Nugget videos watched, which helped when configuring some of the more advanced options within CUCM.

Installation of the Operating Systems went extremely fast. A powerful PC, and the use of VMware, contributed to the speed at which this task was accomplished.

Testing also went faster than expected. Performing different ping tests, analyzing various show commands, and verifying phone functionality was far easier than originally anticipated.

Final Advice
Plan out steps thoroughly, and learn how to properly make a feature work, before attempting configuration. Doing something right the first time can save hours in the long run, even if preparation takes longer than expected. Additionally, don't be afraid of debug commands. While the output of a debug may seem overwhelming at first, valuable information can be gleaned about why something isn't operating as it should. A lot of time could have been saved through the use of some simple debug commands.

Project Presentation

Project Topology

Topology Diagram

Physical Equipment

APC AP9211 MasterSwitch Power Distribution Unit w/ Web Management Card
Cisco 2509 8-Port Terminal Access Server w/ Octal Cable and AUI Transceiver
Cisco Catalyst 2950 L2 Switch (x2) [unused]
Cisco Catalyst 3550 24-port L3 Switch w/ inline power
Cisco Catalyst 3550 48-port L3 Switch
Cisco 2801 ISR w/ VWIC-1MFT-T1, WIC-2T, VIC2-2FXO, VIC-4FXS/DID
Cisco 2620XM ISR w/ NM-HD-2VE (VIC-2DID & VWIC-1MFT-T1), WIC-2T (x2)
Cisco 2620 ISR (x2) [unused]
D-Link DIR-601 Wireless N150 Home Router (Configured to serve as a WAP)
Cisco 7940 IP Phones (x2) - w/ power adapters
Cisco 7960 IP Phones (x2) - powered through Cisco Inline Power
Analog Phones (x2)

IP Addressing, Interface Assignments, & VLANs

IP Subnets and VLANs

Network       Mask              VLAN       Description
10.1.64.0     255.255.255.0     VLAN 64    VoIP Subnet A
10.1.65.0     255.255.255.0     VLAN 65    VoIP Subnet B
10.1.66.0     255.255.255.0     VLAN 66    Data Subnet A
10.1.67.0     255.255.255.0     VLAN 67    Data Subnet B
10.1.68.0     255.255.255.0     VLAN 68    Lab Subnet [unused]
10.1.69.0     255.255.255.0     VLAN 69    WIFI Subnet
10.1.70.0     255.255.255.0     VLAN 70    Management Subnet
10.1.252.0    255.255.255.252   n/a        Point-to-Point MLS_3550 to RTR_2801
10.1.253.0    255.255.255.252   n/a        Point-to-Point MLS_3550 to RTR_2620XM
10.1.254.0    255.255.255.252   n/a        Point-to-Point WAN Link
n/a           n/a               VLAN 99    Native VLAN
n/a           n/a               VLAN 666   Black Hole VLAN

Summary: 10.1.64.0/21 (255.255.248.0)
P2P Summary: 10.1.252.0/22 (255.255.252.0)

VLAN 64 - VoIP Subnet A (Subnet Mask 255.255.255.0)
IP Address                  Description
10.1.64.0                   VoIP Subnet A Network Address
10.1.64.1                   MLS_3550_A VLAN 64 IP (Default Gateway)
10.1.64.2 - 10.1.64.10      Reserved
10.1.64.11 - 10.1.64.254    VoIP Subnet A DHCP Scope
10.1.64.255                 VoIP Subnet A Broadcast Address

VLAN 65 - VoIP Subnet B (Subnet Mask 255.255.255.0)
IP Address                  Description
10.1.65.0                   VoIP Subnet B Network Address
10.1.65.1                   MLS_3550_B VLAN 65 IP (Default Gateway)
10.1.65.2 - 10.1.65.10      Reserved
10.1.65.11 - 10.1.65.254    VoIP Subnet B DHCP Scope
10.1.65.255                 VoIP Subnet B Broadcast Address

VLAN 66 - Data Subnet A (Subnet Mask 255.255.255.0)
IP Address                  Description
10.1.66.0                   Data Subnet A Network Address
10.1.66.1                   MLS_3550_A VLAN 66 IP (Default Gateway)
10.1.66.2                   Windows Server 2012
10.1.66.3                   Ubuntu Server
10.1.66.4                   CallManager (CUCM) Server / VoIP TFTP
10.1.66.5                   Unity Connection Server
10.1.66.6 - 10.1.66.10      Reserved
10.1.66.11 - 10.1.66.254    Data Subnet A DHCP Scope
10.1.66.255                 Data Subnet A Broadcast Address

VLAN 67 - Data Subnet B (Subnet Mask 255.255.255.0)
IP Address                  Description
10.1.67.0                   Data Subnet B Network Address
10.1.67.1                   MLS_3550_B VLAN 67 IP (Default Gateway)
10.1.67.2                   CallManager (CUCM) Server 2 / VoIP TFTP
10.1.67.3                   Unity Connection Server 2
10.1.67.4                   CentOS
10.1.67.5 - 10.1.67.10      Reserved
10.1.67.11 - 10.1.67.254    Data Subnet B DHCP Scope
10.1.67.255                 Data Subnet B Broadcast Address

VLAN 68 - Lab Subnet (Subnet Mask 255.255.255.0)
IP Address                  Description
10.1.68.0                   Lab Subnet Network Address
10.1.68.1                   MLS_3550_B VLAN 68 IP (Default Gateway)
10.1.68.2 - 10.1.68.4       Reserved
10.1.68.5 - 10.1.68.254     Reserved
10.1.68.255                 Lab Subnet Broadcast Address

VLAN 69 - WIFI Subnet (Subnet Mask 255.255.255.0)
IP Address                  Description
10.1.69.0                   WIFI Subnet Network Address
10.1.69.1                   MLS_3550_A VLAN 69 IP (Default Gateway)
10.1.69.2                   D-Link WAP Mgmt. IP
10.1.69.3 - 10.1.69.4       Reserved
10.1.69.5 - 10.1.69.254     WIFI Subnet DHCP Scope
10.1.69.255                 WIFI Subnet Broadcast Address

VLAN 70 - Management Subnet (Subnet Mask 255.255.255.0)
IP Address                  Description
10.1.70.0                   Management Network Address
10.1.70.1                   MLS_3550_A VLAN 70 IP (Default Gateway)
10.1.70.2                   APC PDU
10.1.70.3                   Cisco 2509
10.1.70.4 - 10.1.70.9       Reserved
10.1.70.10 - 10.1.70.254    Reserved
10.1.70.255                 Management Broadcast Address

Interface List

Switch - MLS_3550_A
Interface         VLAN/Trunk/IP    Device           Remote interface   Notes
Fa0/1             10.1.252.1       RTR_2801         Fa0/0              Point-to-Point to RTR_2801
Fa0/2             VLAN 64V, 66D    Cisco IP Phone   10/100 SW          7960 (MAC: 000AF4643DA7) - x1001
Fa0/3             VLAN 64V, 66D    Cisco IP Phone   10/100 SW          7960 (MAC: 000D65BB8506) - x1002
Fa0/4             VLAN 64V, 66D    PC               NIC 1              Desktop PC w/ VMWare
Fa0/5             VLAN 69          WAP              LAN 1              WAP - SSID: CiscoNet
Fa0/6             VLAN 70          APC PDU          Mgmt. Interface    APC MasterSwitch PDU
Fa0/7             VLAN 70          Cisco 2509       Ethernet0          Cisco 2509 Terminal Access Server
Fa0/8             VLAN 64V, 66D    TP-Link SW       LAN 5              Xbox One, Apple TV, Raspbmc
Fa0/9 - Fa0/24    Unused
Gi0/1 - Gi0/2     Unused
VLAN 64           10.1.64.1                                            Default Gateway
VLAN 66           10.1.66.1                                            Default Gateway
VLAN 69           10.1.69.1                                            Default Gateway
VLAN 70           10.1.70.1                                            Default Gateway
Loopback0         10.1.1.1                                             Loopback

Switch - MLS_3550_B
Interface         VLAN/Trunk/IP    Device           Remote interface   Notes
Fa0/1             10.1.253.1       RTR_2620XM       Fa0/0              Point-to-Point to RTR_2620XM
Fa0/2             VLAN 65V, 67D    Cisco IP Phone   10/100 SW          7940 (MAC: 000DBC8EDEE8) - x2001
Fa0/3             VLAN 65V, 67D    Cisco IP Phone   10/100 SW          7940 (MAC: 000F34858236) - x2002
Fa0/4             VLAN 65V, 67D    PC               NIC 2              Desktop PC w/ VMWare
Fa0/5 - Fa0/48    Unused
Gi0/1 - Gi0/2     Unused
VLAN 65           10.1.65.1                                            Default Gateway
VLAN 67           10.1.67.1                                            Default Gateway
VLAN 68           10.1.68.1                                            Default Gateway
Loopback0         10.1.1.2                                             Loopback

Router - RTR_2801
Interface             VLAN/Trunk/IP   Device        Remote interface     Notes
Fa0/0                 10.1.252.2      MLS_3550      Fa0/1                Point-to-Point to MLS_3550_A
Fa0/1                 DHCP            Modem         WAN                  Internet Connection
Serial0/2/0           10.1.254.1      RTR_2620XM    Serial0/2            WAN connection to RTR_2620XM
Serial0/2/1           Unused
controller T1 0/3/0   PSTN            RTR_2620XM    controller T1 1/0    PSTN connection to RTR_2620XM
voice-port 0/0/0      Unused                                             FXS Port
voice-port 0/0/1      Unused                                             FXS Port
voice-port 0/0/2      Unused                                             FXS Port
voice-port 0/0/3      Unused                                             FXS Port
voice-port 0/1/0      Unused                                             FXO Port
voice-port 0/1/1      Unused                                             FXO Port
Loopback0             10.1.1.3                                           Loopback

Router - RTR_2620XM
Interface             VLAN/Trunk/IP   Device         Remote interface      Notes
Fa0/0                 10.1.253.2      MLS_3550       Fa0/13                Point-to-Point to MLS_3550_B
Serial0/0             Unused
Serial0/1             Unused
Serial0/2             10.1.254.2      RTR_2801       Serial0/2/0           WAN connection to RTR_2801
Serial0/3             Unused
controller T1 1/0     PSTN            RTR_2801       controller T1 0/3/0   PSTN connection to RTR_2801
voice-port 1/1/0      x3001           Analog Phone   RJ-11                 FXS connection to Analog Phone
voice-port 1/1/1      x3002           Analog Phone   RJ-11                 FXS connection to Analog Phone
Loopback0             10.1.1.4                                             Loopback

Cisco 2509 - Access_Server
Interface         VLAN/Trunk/IP   Device        Remote interface   Notes
Ethernet0         10.1.70.3       MLS_3550_A    Fa0/7              Connection to Switch MLS_3550_A
Serial0           Unused
Serial1           Unused
Loopback0         1.1.1.1                                          Loopback

APC MasterSwitch Power Distribution Unit
Interface         VLAN/Trunk/IP   Device        Remote interface   Notes
Mgmt. Interface   10.1.70.2       MLS_3550_A    Fa0/6              Connection to Switch MLS_3550_A

Initial Configuration

Access Server
Note: An access server is optional; however, it considerably speeds up configuration.

Device Info: Cisco 2509 8-Port Terminal Access Server w/ Octal Cable and AUI Transceiver
IOS Version 12.3(26), filename: c2500-c-l.123-26.bin

After configuring basic parameters (hostname, passwords, console/vty line settings, etc.) enter the following commands to configure the access server.

! Set terminal line associations
!
! Note: Feel free to change the device names.
!
ip host ALS1 2001 1.1.1.1
ip host ALS2 2002 1.1.1.1
ip host DLS1 2003 1.1.1.1
ip host DLS2 2004 1.1.1.1
ip host R1 2005 1.1.1.1
ip host R2 2006 1.1.1.1
ip host R3 2007 1.1.1.1
ip host R4 2008 1.1.1.1
!
! Configure proper interface ip addressing
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0
 ip address 10.1.70.3 255.255.255.0
 no shutdown
!
! Configure default route
!
ip route 0.0.0.0 0.0.0.0 Ethernet0 10.1.70.1
!
! If the following error is encountered, clear the line several times
!
Access_Server# dls1
Trying DLS1 (1.1.1.1, 2003)...
% Connection refused by remote host
!
Access_Server# clear line 3
[confirm]
 [OK]

Power Distribution Unit


Note: A PDU is optional; however, having one makes managing devices much easier, and equipment can be powered on/off remotely.

Device Info: APC AP9211 MasterSwitch Power Distribution Unit w/ Web Management Card

Initial configuration of this device must be performed through a serial connection. However, once it has been assigned a proper IP address, and connected to the network, a Web interface can be used to control the PDU.

Open a Web browser and type in the address/port of the PDU. Example: http://10.1.70.2:5088/

A Web interface, similar to what is shown below, should open.

Click MasterSwitch, then Outlet Config from the menu on the left.

Feel free to name each outlet, then from the Outlets menu each device can be easily powered on/off.

Routers
RTR_2801

Device Info: Cisco 2801 ISR w/ VWIC-1MFT-T1, VIC-4FXS/DID, VIC2-2FXO, WIC-2T
IOS Version 12.4(24)T8, filename: c2801-adventerprisek9_ivs-mz.124-24.T8.bin

After configuring basic parameters (hostname, passwords, console/vty line settings, etc.) enter the following commands to establish local connectivity between devices.

! Configure proper interface IP addressing
!
interface Loopback0
 ip address 10.1.1.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.252.2 255.255.255.252
 no shutdown
!
interface FastEthernet0/1
 ip address dhcp
 no shutdown
!
interface Serial0/2/0
 ip address 10.1.254.1 255.255.255.252
 clock rate 2000000
 no shutdown
!
! Configure routing
!
router eigrp 100
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface Serial0/2/0
 network 10.1.1.0 0.0.0.255
 network 10.1.64.0 0.0.7.255
 network 10.1.252.0 0.0.3.255
 no auto-summary
!
! Default route; 174.100.160.1 is the ISP next hop
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 174.100.160.1

RTR_2620XM

Device Info: Cisco 2620XM ISR w/ NM-HD-2VE (VIC-2DID & VWIC-1MFT-T1), WIC-2T
IOS Version 12.4(25d), filename: c2600-adventerprisek9_ivs-mz.124-25d.bin

After configuring basic parameters (hostname, passwords, console/vty line settings, etc.) enter the following commands to establish local connectivity between devices.

! Configure proper interface IP addressing
!
interface Loopback0
 ip address 10.1.1.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.253.2 255.255.255.252
 no shutdown
!
interface Serial0/2
 ip address 10.1.254.2 255.255.255.252
 no shutdown
!
! Configure routing
!
router eigrp 100
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface Serial0/2
 network 10.1.1.0 0.0.0.255
 network 10.1.64.0 0.0.7.255
 network 10.1.252.0 0.0.3.255
 no auto-summary
!
ip route 0.0.0.0 0.0.0.0 Serial0/2 10.1.254.1

Switches
MLS_3550_A

Device Info: Cisco 3550 24-port L3 Switch w/ inline power
IOS Version 12.2(52)SE, filename: c3550-ipservicesk9-mz.122-52.SE.bin

After configuring basic parameters (hostname, passwords, console/vty line settings, etc.) enter the following commands to establish local connectivity between devices.

! Enable rapid-pvst & routing
!
spanning-tree mode rapid-pvst
ip routing
!
! Create VLANs
!
vlan 64
 name VoIP_A
vlan 66
 name DATA_A
vlan 69
 name WIFI
vlan 70
 name MGMT
vlan 99
 name NATIVE
vlan 666
 name BLACK_HOLE
!
! Configure proper switch port settings/IP addresses
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface FastEthernet0/1
 description Point-to-Point to RTR_2801
 no switchport
 ip address 10.1.252.1 255.255.255.252
!
interface FastEthernet0/2
 description Cisco IP Phone 7960
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 spanning-tree portfast
!
interface FastEthernet0/3
 description Cisco IP Phone 7960
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 spanning-tree portfast
!
interface FastEthernet0/4
 description Desktop PC w/ VMWare Virtualization
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 spanning-tree portfast
!
interface FastEthernet0/5
 description Wireless Access Point - SSID: CiscoNet
 switchport access vlan 69
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 description APC MasterSwitch PDU
 switchport access vlan 70
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 description Cisco 2509 Terminal Access Server
 switchport access vlan 70
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/8
 description Entertainment Equipment
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 spanning-tree portfast
!
interface Vlan1
 description UNUSED
 no ip address
 shutdown
!
interface Vlan64
 ip address 10.1.64.1 255.255.255.0
!
interface Vlan66
 ip address 10.1.66.1 255.255.255.0
!
interface Vlan69
 ip address 10.1.69.1 255.255.255.0
!
interface Vlan70
 ip address 10.1.70.1 255.255.255.0
!
! Disable unused ports
!
interface range Fa0/9-24 , Gi0/1-2
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
! Configure routing protocols / default route
!
router eigrp 100
 network 10.1.1.0 0.0.0.255
 network 10.1.64.0 0.0.7.255
 network 10.1.252.0 0.0.3.255
 passive-interface default
 no passive-interface FastEthernet0/1
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.1.252.2

MLS_3550_B

Device Info: Cisco 3550 48-port L3 Switch
IOS Version 12.2(52)SE, filename: c3550-ipservicesk9-mz.122-52.SE.bin

After configuring basic parameters (hostname, passwords, console/vty line settings, etc.) enter the following commands to establish local connectivity between devices.

! Enable rapid-pvst & routing
!
spanning-tree mode rapid-pvst
ip routing
!
! Create VLANs
!
vlan 65
 name VoIP_B
vlan 67
 name DATA_B
vlan 68
 name LAB
vlan 99
 name NATIVE
vlan 666
 name BLACK_HOLE
!
! Configure proper switch port settings/IP addresses
!
interface Loopback0
 ip address 10.1.1.2 255.255.255.255
!
interface FastEthernet0/1
 description Point-to-Point to RTR_2620XM
 no switchport
 ip address 10.1.253.1 255.255.255.252
!
interface FastEthernet0/2
 description Cisco IP Phone 7940
 switchport access vlan 67
 switchport mode access
 switchport voice vlan 65
 spanning-tree portfast
!
interface FastEthernet0/3
 description Cisco IP Phone 7940
 switchport access vlan 67
 switchport mode access
 switchport voice vlan 65
 spanning-tree portfast
!
interface FastEthernet0/4
 description Desktop PC w/ VMWare Virtualization
 switchport access vlan 67
 switchport mode access
 switchport voice vlan 65
 spanning-tree portfast
!
interface Vlan1
 description UNUSED
 no ip address
 shutdown
!
interface Vlan65
 ip address 10.1.65.1 255.255.255.0
!
interface Vlan67
 ip address 10.1.67.1 255.255.255.0
!
interface Vlan68
 ip address 10.1.68.1 255.255.255.0
!
! Disable unused ports
!
interface range Fa0/5-48 , Gi0/1-2
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
! Configure routing protocols / default route
!
router eigrp 100
 network 10.1.1.0 0.0.0.255
 network 10.1.64.0 0.0.7.255
 network 10.1.252.0 0.0.3.255
 passive-interface default
 no passive-interface FastEthernet0/1
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.1.253.2

DHCP, NAT, & WAP

Dynamic Host Configuration Protocol (DHCP)


Enter the following commands on the 3550 switches to enable DHCP and provide addressing to the entire network.

MLS_3550_A

ip dhcp excluded-address 10.1.64.1 10.1.64.10
ip dhcp excluded-address 10.1.66.1 10.1.66.10
ip dhcp excluded-address 10.1.69.1 10.1.69.4
!
ip dhcp pool VOICE_A
 network 10.1.64.0 255.255.255.0
 default-router 10.1.64.1
 dns-server 10.1.66.2 4.2.2.2
 ! Option 150 points to the CUCM/CME server(s)
 option 150 ip 10.1.66.4 10.1.1.3
!
ip dhcp pool DATA_A
 network 10.1.66.0 255.255.255.0
 default-router 10.1.66.1
 dns-server 10.1.66.2 4.2.2.2
!
ip dhcp pool WIFI
 network 10.1.69.0 255.255.255.0
 default-router 10.1.69.1
 dns-server 10.1.66.2 4.2.2.2

MLS_3550_B

ip dhcp excluded-address 10.1.65.1 10.1.65.10
ip dhcp excluded-address 10.1.67.1 10.1.67.10
!
ip dhcp pool VOICE_B
 network 10.1.65.0 255.255.255.0
 default-router 10.1.65.1
 dns-server 10.1.66.2 4.2.2.2
 ! Option 150 points to the CUCM/CME server(s)
 option 150 ip 10.1.67.2 10.1.1.4
!
ip dhcp pool DATA_B
 network 10.1.67.0 255.255.255.0
 default-router 10.1.67.1
 dns-server 10.1.66.2 4.2.2.2

Network Address Translation (NAT)


Enter the following commands on the 2801 router to enable NAT and provide internet connectivity to the entire network.

RTR_2801

! Define Inside/Outside Interfaces
!
interface FastEthernet0/0
 ip nat inside
!
interface FastEthernet0/1
 ip nat outside
!
interface Serial0/2/0
 ip nat inside
!
! Define Addresses to Translate
!
ip access-list extended NAT
 permit ip 10.1.0.0 0.0.255.255 any
!
! Specify Translation List and Interface
!
ip nat inside source list NAT interface FastEthernet0/1 overload

Wireless Access Point (WAP)


Device Info: D-Link DIR-601 Wireless N150 Home Router
Firmware: 1.02NA

Make the following modifications to the DIR-601 to enable it to act as a WAP.

Enable Wireless Functionality (preferably with security).

Change router IP to match the addressing scheme, and disable DHCP.

Wireless devices should now be able to connect to this WAP and receive an IP address from the DHCP server running on MLS_3550_A.

Security

Authentication, Authorization, and Accounting (AAA)


Enter the following commands on each device to enable AAA authentication.

! Use Auto Secure to harden RTR_2801; however, when asked to create a
! CBAC Firewall say No, a Zone-Based Firewall will be created later
! using CCP.
!
auto secure
!
! Note: Some of the following commands will be issued with auto
! secure, but are included for completeness.
!
! Create enable secret and user account
!
enable secret xxxx
username xxxx privilege 15 secret xxxx
!
! Enable AAA and configure default and/or custom login lists
!
aaa new-model
aaa authentication login default local-case enable
aaa authentication login my_list group tacacs+ local enable
!
! Configure Line Security
!
line con 0
 exec-timeout 5 0
 logging synchronous
 login authentication default
! On switches use: line vty 0 15
line vty 0 4
 exec-timeout 5 0
 logging synchronous
 login authentication my_list
!
! Set password length and authentication retry limits
!
security passwords min-length 6
login block-for 180 attempts 3 within 30
!
! Set Login Banner
!
banner motd &####Unauthorized Access is Prohibited####&

Port Security
Enter these commands under any access mode switchport where security is desired. Remember: if configuring security on a port with a PC and IP Phone, set the maximum MAC Address value to a minimum of 2.

interface Fa0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation shutdown
 switchport port-security mac-address sticky

Zone-Based Firewall (ZBF) & Secure Shell (SSH) Access


Follow these steps to configure a Zone-Based Firewall using Cisco Configuration Professional on RTR_2801 to properly protect the network.

! Prepare router for Secure CCP Access & SSH
!
ip domain-name CiscoNet.com
!
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
ip http secure-server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
line vty 0 4
 privilege level 15
 transport input ssh

Open CCP and connect to the device securely using the username/password created earlier. Once the device has been discovered go to Configure > Security > Firewall.

Note: whenever asked to let something through the firewall (NAT, DHCP, CME, etc.) respond with Yes. Additionally, if CCP doesn't display properly in IE, add the address 127.0.0.1 to the compatibility view settings.

Once the wizard has completed, a Basic Zone-Based Firewall will have been implemented on the router. The network is now protected from intrusion, while still permitting traffic originating from within the network.

Tip: If attempting to discover a device in secure mode through CCP fails, and displays the following message: "Discovery could not be completed because the security certificate was rejected", follow these steps:

1. Clear the crypto keys using the command: crypto key zeroize
2. Delete the pki trustpoint. For example: no crypto pki trustpoint TP-self-signed-3248306557
3. Access the router through a browser using the URL: https://<ip address of the router>
4. Click Continue to this website (not recommended).
5. Launch Cisco CP and discover the device in secure mode.
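One way to check a saved running-config against the AAA, line, and SSH settings configured in the sections above. This is an added example, not part of the original project; the function names and the constructed sample config (a switch where only vty 0-4 was hardened) are assumptions.

```python
import re

# Constructed sample: a switch config where vty 5-15 was left at weaker settings.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default local-case enable
aaa authentication login my_list group tacacs+ local enable
enable secret 5 $1$constructed$hash
username admin privilege 15 secret 5 $1$constructed$hash
security passwords min-length 6
login block-for 180 attempts 3 within 30
ip ssh version 2
ip http secure-server
line con 0
 exec-timeout 5 0
 login authentication default
line vty 0 4
 exec-timeout 5 0
 login authentication my_list
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""


def parse_blocks(config):
    """Return (top, blocks): top-level commands and {header: [sub-commands]}."""
    top, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank lines and comments carry no settings
        if raw[0] == " " and current is not None:
            blocks[current].append(raw.strip())  # indented: belongs to the block
        else:
            current = raw.strip()
            top.append(current)
            blocks[current] = []
    return top, blocks


def audit(config):
    """Return a list of findings for the settings this guide configures."""
    top, blocks = parse_blocks(config)
    findings = []

    def has(prefix):
        return any(cmd.startswith(prefix) for cmd in top)

    required = {
        "aaa new-model": "AAA is not enabled",
        "enable secret": "no enable secret set",
        "ip ssh version 2": "SSH is not restricted to version 2",
        "login block-for": "no login rate limiting (login block-for)",
        "security passwords min-length": "no minimum password length",
    }
    for prefix, message in required.items():
        if not has(prefix):
            findings.append(message)
    if has("enable password"):
        findings.append("enable password present alongside or instead of enable secret")
    for cmd in top:
        if re.match(r"username \S+ .*\bpassword\b", cmd):
            findings.append(f"{cmd.split()[1]}: username uses 'password', not 'secret'")
    if has("ip http server"):
        findings.append("plain HTTP server enabled")

    for header, subs in blocks.items():
        if not header.startswith("line "):
            continue
        if "exec-timeout 5 0" not in subs:
            findings.append(f"{header}: exec-timeout 5 0 not configured")
        if header.startswith("line vty"):
            if not any(s.startswith("login authentication") for s in subs):
                findings.append(f"{header}: no login list set (AAA default list applies)")
            transport = next((s for s in subs if s.startswith("transport input")), "")
            if transport.split()[2:] != ["ssh"]:
                findings.append(f"{header}: transport input is not explicitly ssh-only")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the sample, every finding points at line vty 5 15, the range that is easy to miss when the vty 0 4 commands are copied onto a switch.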

Site-to-Site VPN with Pre-Shared Key


RTR_2801
crypto isakmp enable
!
crypto isakmp policy 100
 encryption aes 128
 authentication pre-share
 group 2
 hash sha
!
crypto isakmp identity address
!
crypto isakmp key <key> address 10.1.254.2 255.255.255.252
!
crypto ipsec transform-set JACOB esp-aes 128 esp-sha-hmac
!
ip access-list extended CRYPTO
 permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
crypto map CRYPTO 100 ipsec-isakmp
 match address CRYPTO
 set peer 10.1.254.2
 set pfs group2
 set transform-set JACOB
!
interface Serial0/2/0
 crypto map CRYPTO

RTR_2620XM
crypto isakmp enable
!
crypto isakmp policy 100
 encryption aes 128
 authentication pre-share
 group 2
 hash sha
!
crypto isakmp identity address
!
crypto isakmp key <key> address 10.1.254.1 255.255.255.252
!
crypto ipsec transform-set JACOB esp-aes 128 esp-sha-hmac
!
ip access-list extended CRYPTO
 permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
crypto map CRYPTO 100 ipsec-isakmp
 match address CRYPTO
 set peer 10.1.254.1
 set pfs group2
 set transform-set JACOB
!
interface Serial0/2
 crypto map CRYPTO

Verification

Send traffic across the VPN, then use show crypto ipsec sa to verify packet encryption/decryption.

RTR_2801#show crypto ipsec sa

interface: Serial0/2/0
    Crypto map tag: CRYPTO, local addr 10.1.254.1

   protected vrf: (none)
   local  ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
   remote ident (addr/mask/prot/port): (10.1.0.0/255.255.0.0/0/0)
   current_peer 10.1.254.2 port 500
     PERMIT, flags={origin_is_acl,}
    #pkts encaps: 237, #pkts encrypt: 237, #pkts digest: 237
    #pkts decaps: 335, #pkts decrypt: 335, #pkts verify: 335
    #pkts compressed: 0, #pkts decompressed: 0
    #pkts not compressed: 0, #pkts compr. failed: 0
    #pkts not decompressed: 0, #pkts decompress failed: 0
    #send errors 0, #recv errors 0
<output omitted>
        crypto map: CRYPTO
        sa timing: remaining key lifetime (k/sec): (4575920/2592)
        IV size: 16 bytes
        replay detection support: Y
        Status: ACTIVE
<output omitted>
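The verification step above can be scripted. This added example (not part of the original project) parses two `show crypto ipsec sa` snapshots taken before and after test traffic and reports a tunnel that encrypts but never decrypts, rising error counters, or a missing ACTIVE SA. The template is constructed from the output shown above; the function names are assumptions.

```python
import re

# Constructed template, abbreviated from the RTR_2801 output shown above.
TEMPLATE = """\
interface: Serial0/2/0
    Crypto map tag: CRYPTO, local addr 10.1.254.1
   current_peer 10.1.254.2 port 500
    #pkts encaps: {enc}, #pkts encrypt: {enc}, #pkts digest: {enc}
    #pkts decaps: {dec}, #pkts decrypt: {dec}, #pkts verify: {dec}
    #send errors {err}, #recv errors 0
        Status: ACTIVE
"""

# Matches "#pkts encaps: 237" as well as "#send errors 0" (no colon).
COUNTER = re.compile(r"#([a-z. ]+?):? (\d+)")


def sample(enc, dec, err=0):
    """Build a constructed snapshot with the given counter values."""
    return TEMPLATE.format(enc=enc, dec=dec, err=err)


def parse_ipsec_sa(output):
    """Return one dict per peer with its counters and the SA status values seen."""
    peers, current = [], None
    for line in output.splitlines():
        peer = re.search(r"current_peer (\S+)", line)
        if peer:
            current = {"peer": peer.group(1), "statuses": []}
            peers.append(current)
        elif current is not None:
            for name, value in COUNTER.findall(line):
                current[name] = int(value)
            status = re.search(r"Status: (\w+)", line)
            if status:
                current["statuses"].append(status.group(1))
    return peers


def check_tunnel(before, after):
    """Compare two snapshots of one peer taken before and after test traffic."""
    problems = []
    # The counters are cumulative, so only the difference proves new traffic.
    sent = after.get("pkts encrypt", 0) - before.get("pkts encrypt", 0)
    rcvd = after.get("pkts decrypt", 0) - before.get("pkts decrypt", 0)
    if sent <= 0:
        problems.append("no new packets encrypted: test traffic did not enter the tunnel")
    elif rcvd <= 0:
        problems.append("encrypting but not decrypting: replies are not returning through the tunnel")
    for key in ("send errors", "recv errors"):
        if after.get(key, 0) > before.get(key, 0):
            problems.append(f"{key} increased")
    if not after["statuses"] or any(s != "ACTIVE" for s in after["statuses"]):
        problems.append("no ACTIVE security association")
    return problems


if __name__ == "__main__":
    before = parse_ipsec_sa(sample(200, 300))[0]
    after = parse_ipsec_sa(sample(237, 335))[0]
    print(check_tunnel(before, after) or "tunnel OK")
```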

Operating System Virtualization & Installation

VMware Setup
Here is a configuration example to create a Virtual Machine in VMware Workstation 10. Note: Below shows the process for CUCM, but it is essentially identical for each OS.

Cisco Unified Communication Manager & Cisco Unity Connection


Pre-Installation

CUCM & CUC can be temperamental when it comes to the hardware requirements. Follow these steps to bypass the hardware check at the beginning of the install.

Open the ISO for CUCM/CUC in a program such as UltraISO. Once opened, browse to the /Cisco/install/conf folder. From there drag the file callmanager_product.conf to the desktop, then open it in WordPad.

Scroll down to the section labeled Cisco Unified Communications Manager.

Scroll down even further and locate the line labeled VMware.

Replace NOT with VAL, and replace any numbers with an asterisk (*).

Do the same for the section labeled Cisco Unity Connection. Once that's finished, save the file, copy it back into the ISO, and save the new ISO. Then select it from within VMware and the installation should begin with no problems.

Installation

The installations of CUCM and CUC are virtually identical, so for brevity here is the process to install CUCM.

After selecting OK the server will install and boot into a CLI type interface; however, both CUCM and CUC are configured through a Web interface which will be explored later. For now, here is a quick overview of the other OS installations.

Ubuntu Server, CentOS, Windows Server, & Windows 7


Installation

VMware makes installing the other operating systems a pretty simple task, so here is a quick overview of their installations. Once the VM for Ubuntu Server is initialized, and the installation process begins, nothing is required from the user. The server is copied and installed into the VM and then a login screen is displayed (this holds true for the CentOS installation also). Configuration will be covered later.

Windows Server 2012 and Windows 7 also require very little interaction after the initial VMware setup. Configuration will be covered later.

Basic Operating System Configuration

Before getting into some more advanced features, each OS has some basic configuration tasks that need to be completed (hostnames, IP addresses, software updates, etc.).

Windows 7 / Windows Server


Open up the system settings of each OS and change the computer name to something more appropriate. Then go under network connections and change the IPv4 properties to a static address for Windows Server (Windows 7 can be left to obtain an address automatically). Lastly, download all of the most recent security updates and patches for both Operating Systems.

Ubuntu Server & CentOS


In Ubuntu modify the /etc/network/interfaces file to include an appropriate static IP Address, then restart the networking service.

Subsequently, use the commands sudo apt-get update, sudo apt-get upgrade, and sudo apt-get dist-upgrade to fully update the Operating System. Then use the command sudo apt-get install openssh-server openssh-client to install an SSH server to manage the OS more easily.

CentOS works essentially the same way; however, it uses yum instead of apt-get, and there are also some other minor differences. Additionally, while Ubuntu Server is pure command line out of the box, CentOS has a graphical user interface. This makes some configuration tasks easier if the command line is too daunting.

Windows Server Domain Controller & DNS

Promote Windows Server 2012 to a Domain Controller


From the server manager dashboard select Manage > Add Roles and Features; from there install the Active Directory Domain Services and DNS Server roles. Next, follow the wizard to set up and install these roles. Note: If the prerequisites check fails, follow the instructions given to correct any issues then try again.

Once the Windows Server machine has been officially made into the Domain Controller, Windows 7 can then join the new domain.

Setup Windows Server for DNS

The DNS server should have already been installed along with Active Directory Domain Services, so simply go to Server Manager > Tools > DNS to open the DNS Manager.

Right click on Reverse Lookup Zones and select New Zone. Keep all of the default settings, except when it asks for a Network ID enter the first three octets of the subnet this zone is for.

Right click on the domain name (CiscoNet.com) and create a new Host Record. Enter a name for the record and its associated IP Address. Do this for all required host entries. Now it is possible to communicate with a device using its FQDN (e.g. RTR_2801.CiscoNet.com) and DNS will translate the name into its IP Address.

FTP, Syslog, & Config Backup

File Transfer Protocol (FTP)

From Windows Server 2012 create a folder named FTP on the root of the C drive. After the folder has been created, modify its permissions to give a user account full read/write access.

From server manager install the Web Server (IIS) role; be certain to select the FTP server option during the installation of IIS.

Once the FTP server has been installed open the IIS manager. Right click on Sites and select Add FTP Site.

Name the site and choose the path of the FTP folder created earlier.

Select the IP Address of Windows Server 2012, leave the port set to 21, check start FTP site automatically, and select No SSL.

Check the box for Basic Authentication, select Allow access to: Specific users, and enter the account information for the user who was granted read/write access to the FTP folder. Lastly, check the boxes next to Read and Write.

Verify that ports 20 and 21 are permitted through the Windows Firewall and the FTP site should now be fully functional.

Syslog & Config Backup

Enter the following commands on each device to enable sending messages to a Syslog Server and backing up the router/switch configuration every 24 hours to the FTP server.

Router/Switch Configuration

! Enable logging to Syslog Server
!
logging trap notifications
logging facility local2
logging source-interface Loopback0
logging 10.1.66.2
!
! Set default FTP username/password
!
no ip ftp passive
ip ftp source-interface Loopback0
ip ftp username [FTP username]
ip ftp password [FTP password]
!
! Set archive path to FTP server & frequency of backup
!
archive
 path ftp://10.1.66.2/$h-config
 write-memory
 time-period 1440

The current device config should now back up to the FTP server every 24 hours, or whenever the write memory command is used.

Kiwi Syslog Server

Download and install Kiwi Syslog Server (or another preferred Syslog program), go to File > Setup, and configure DNS resolution.

Now the device's actual hostname will be displayed rather than its IP Address.

As long as the proper logging commands have been entered on the device, Kiwi Syslog should now be fully functional.

CUCM Distributed Multisite Deployment

A Distributed Multisite Deployment involves setting up multiple CUCM servers at different sites (e.g. one on each side of the WAN link); this permits internal calling even if the WAN link were to fail. Additionally, calls can be routed to the PSTN, and between the two CUCM clusters, through the use of MGCP gateways and inter-cluster trunks, which will be covered later. Below is the configuration for the first CUCM server; the second one will be configured in a very similar fashion.

CUCM Initial Setup

Now that the network is fully functional, and all the devices can connect to each other, it's time to make some phones ring. After installing the first CUCM server open a Web browser and enter https://10.1.66.4:8443/ccmadmin/showHome.do, or if DNS is working https://cucm.cisconet.com:8443/ccmadmin/showHome.do should also work. Accept any security exceptions if prompted, and once the login page appears enter the username and password created during installation.

Before doing anything else, select Cisco Unified Serviceability from the drop down menu in the upper right.

Then go to Tools > Service Activation. Certain required services are disabled by default, so activating those now will prevent some frustration later.

To be safe select all services listed under CM Services, plus the Cisco Bulk Provisioning Service and Cisco DirSync services which are located further down the page. Once that's done click Save (it may take a few minutes to fully activate all the services).

Additionally, back under CM Administration, go to System > Server, and change the server's hostname to its IP Address. This prevents any DNS issues in the future.

Creating a Device Pool in CUCM


It is essential to create a Device Pool before any actual phones can be added to CUCM. Device Pools consist of several elements that must be configured before the actual Pool can be created. First, go to System > Cisco Unified CM Group.

Once there click New Group. Name the group and add the server to the list of Selected CUCMs, then click Save (Name the group differently on each CUCM server to simulate distant sites).

After the groups have been created, go to the Date/Time Group page.

Give the group a name and configure the appropriate time zone settings.

Next, go to the Region configuration page, click Add New.

Create two regions, then associate the regions to each other in a way similar to what's shown above. Basically, when Ohio calls Ohio use a higher bit rate, but when Ohio calls Florida use a lower bit rate; this is important since the call has to travel a farther distance, and may be forwarded over a slower WAN link.

Before creating the Device Pool, go to Device > Device Settings > Softkey Template (Softkeys are the software based keys located at the bottom of the IP Phone's display).

Here create a new Softkey template based on an existing one, and then customize its layout to better suit the users' needs.

Feel free to get creative here. One suggestion, add the Immediate Divert (iDivert) softkey to the Ring In call state. This key will let users send a call straight to voicemail, which will come in handy after setting up Cisco Unity Connection.

One final step, which will save time later: go to System > SRST and create a reference pointing to the address of RTR_2801 (on the second server create a reference pointing to RTR_2620XM).

Now go to the Device Pool configuration page to create the Pool. Create a new Pool using all of the settings just configured (except the Softkey template, which comes into play later). Once that's finished it's time to configure some phones.

Example: CUCM Cluster 1

Example: CUCM Cluster 2

Adding Phones to CUCM

Select Device > Phone, then Add New.

Pick the desired model of phone from the drop down menu, and leave the protocol set to SCCP.

Fill in all of the required information (MAC, Device Pool, Phone Button Template, and Security Device Profile). Additionally, don't forget to select a new Softkey template if one was created earlier.

After clicking save, select Line [1] and assign it a Directory Number.

Once that's finished, repeat the process for each IP Phone. Note: Be certain to add the phones on opposite networks to their respective CUCM servers (for example, the phones attached to MLS_3550_A to the server with the Ohio device pool, and the phones attached to MLS_3550_B to the server with the Florida device pool).

Optionally, go to System > Cisco Unified CM to enable/disable auto-registration.

Example: CUCM Cluster 1

Example: CUCM Cluster 2

All phones should now be registered, have a directory number, and be able to call phones within their cluster (e.g. phones in the same CUCM database). Calling between clusters will be configured in a later section using inter-cluster trunks.

Voicemail with Cisco Unity Connection

Voicemail Setup
Part 1 CUCM Configuration

Now that a functioning network infrastructure has been created, and all IP Phones are able to call internally, it's time to start implementing some supplementary features, the first of which is voicemail. However, before jumping over to Unity Connection, there are some settings that need to be configured in CUCM.

To get started, go to Advanced Features > Voice Mail > Message Waiting, and click Add New.

From there, create a number for the On message waiting indicator; subsequently, do the same thing for the Off MWI.

Next, go to Voice Mail > Cisco Voice Mail Port Wizard, and follow the steps as depicted below.

Once the wizard is finished, go to Call Routing > Route/Hunt > Line Group.

Select Add New, and put the newly created voicemail DNs in the Line Group.

Now go to Call Routing > Route/Hunt > Hunt List.

Click Add New, give the list a name, add it to a group, and check the two boxes to enable the list and select it for VM usage.

Add the list to the line group and click Save.

Now go to Call Routing > Route/Hunt > Hunt Pilot.

Click Add New, and fill out the pattern definition information.

Next, go to Advanced Features > Voice Mail > Voice Mail Pilot.

Click Add New, fill in the Voice Mail Pilot Number, and click Save.

Then go to Advanced Features > Voice Mail > Voice Mail Profile.

Name the profile, and select the Pilot number.

Go to Device > Phone.

Select one of the phones created earlier, and click on the line number. Select the Voice Mail Profile, then scroll further down the page and check Forward No Answer Internal (this will automatically check several boxes), and lastly enter a ring duration.

Repeat this for each of the phones, then move on to the configuration of CUC.

Part 2 CUC Configuration

It's finally time to set up the Unity Connection side of things. Enter https://10.1.66.5/cuadmin/home.do or https://cuc.cisconet.com/cuadmin/home.do to reach the login page.

It may look intimidating at first, but configuration is actually pretty easy.

First, scroll down to Telephony Integrations > Phone System, then click Add New.

After creating a new phone system, go to Telephony Integrations > Port Group.

After selecting a display name and device prefix, enter the IP address of the CUCM server.

Once that's done select Telephony Features > Port.

Create two new ports, then click Save.

Scroll to the top of the menu and select Users.

Click Add New.

Enter an Alias and First/Last name; but most importantly, enter the extension number this user is to be associated with.

Go to Edit > Change Password to create a password for the user. Or, simply check the box labeled Skip PIN When Calling from a Known Extension, and the user will never have to enter a password when checking their voicemail.

Note: Repeat this process to configure a second Unity Connection server within the other CUCM cluster. Be certain to make any appropriate changes to the configuration (i.e. use a different pilot number, etc.).

Lightweight Directory Access Protocol

Syncing Active Directory with LDAP


Managing multiple user accounts can be a hassle. LDAP integration allows all user accounts to be stored in Active Directory, with only CUCM specific information managed from CUCM.

To get started, from within Windows Server 2012, click on Tools > Active Directory Users and Computers. Create a new user dedicated to syncing users to CUCM.

Add the CCMDirSync user to the Domain Admins group.

Next, create a new Organizational Unit (OU) specifically for CUCM users, and create several user accounts within that OU. Earlier the CiscoDirSync service was activated, so now it's time to link the databases. First, log in to the CUCM server, and go to System > LDAP > LDAP System.

Once there check the box labeled Enable Synchronizing from LDAP Server.

Next, go to System > LDAP > LDAP Directory.

After filling in the information as listed above (make sure the user search base syntax matches), click Save, then click Perform a Full Sync Now. All the users from the CCMEndUsers OU should be listed under User Management > End Users, and are now marked as Active for LDAP sync.

LDAP Authentication
Now that the user accounts are syncing, LDAP authentication must also be enabled so user passwords sync.

For that go to System > LDAP > LDAP Authentication.

Simply check the box next to Use LDAP Authentication for End Users. Then enter the same manager/search base information from earlier, and click Save. Now passwords will also be managed in Active Directory, and the only settings handled from within CUCM are those relating specifically to phone features (PINs, Phone Associations, etc.).

To link user accounts in Unity Connection, just scroll down to the LDAP section and go through the exact same process from above. Then, after syncing the database, go to Users > Import Users > Find Users In: LDAP Directory; for existing users, under each user's settings select Integrate with LDAP Directory.

Media Gateway Control Protocol

Preparing the Routers for MGCP configuration


Configuring the analog phones, and T1 line, attached to RTR_2620XM can be achieved through CUCM by turning the router into an MGCP Gateway. Additionally, RTR_2801 can become a gateway to facilitate the configuration of its T1 line. Enter the following commands on both routers to establish MGCP communication with their respective CUCM server.

! Change the IP to match the appropriate CUCM server.
! RTR_2801 = 10.1.66.4; RTR_2620XM = 10.1.67.2
!
ccm-manager config
ccm-manager config server 10.1.66.4

Once the MGCP gateway is configured through CUCM the server will now be able to send any appropriate configuration commands to the routers.

Alternately, CCP can be used to enable the routers for MGCP. Just go to Configure > Unified Communications > Unified Communications Features and check the box labeled TDM Gateway. Then go to the Gateway Settings, select MGCP, and enter the IP Address of the CUCM server.

Configuring FXS ports using MGCP

In CUCM, go to Device > Gateway > Add New.

Select the router model (when selecting a 2801 series router it will ask for the Protocol, choose MGCP).

Enter the name of the device exactly as it is configured on the router (if a domain has been configured on the router, be certain to use the FQDN of the device).

Select the appropriate network modules installed within the device, then click Save. The page will refresh allowing any Subunits of the device to be defined. After clicking Save again, select the icon next to the first FXS port.

For the Port Type select POTS.

Select a device pool, then click save. Click to give the device a Directory Number, then repeat the process for the other FXS port.

Configuring T1 lines using MGCP

Now select the icon next to the T1 port, and choose Digital Access PRI for the protocol.

Choose a device pool, then click save.

Additionally, go to the bottom of the page and change the Clock to Internal. That should do it for the 2620XM router, now repeat the process for the 2801 and its T1 port (leave the Clock on the 2801 as External).

Furthermore, on RTR_2620XM set the Protocol Side to Network, and on RTR_2801 leave it set to User; additionally, on both routers set the Channel Selection Order to Top Down. Note: Using a Top Down selection order tells the router to start with the first channel when initiating a call across the T1 link. The command debug isdn q931 can be used to see which channel is being used when placing a call using the PSTN connection.

Once all the endpoints are configured be sure to click Apply Config to Selected. After refreshing the page, all endpoints should say "Registered with x.x.x.x" under status.

Example: CUCM Cluster 1 (RTR_2801 Gateway)

Example: CUCM Cluster 2 (RTR_2620XM Gateway)

Troubleshooting MGCP
Here is what the configurations on each router should resemble after performing the above steps.

RTR_2801
network-clock-participate wic 3
!
isdn switch-type primary-ni
!
controller T1 0/3/0
 ! Note: cablelength short 133 should be entered for cables < 133ft
 cablelength short 133
 pri-group timeslots 1-10,24 service mgcp
!
interface Serial0/3/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 isdn bind-l3 ccm-manager
 no cdp enable
!
ccm-manager fallback-mgcp
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.1.66.4
ccm-manager config
!
mgcp
mgcp call-agent 10.1.66.4 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
!
mgcp profile default

RTR_2620XM
isdn switch-type primary-ni
!
controller T1 1/0
 framing esf
 clock source internal
 linecode b8zs
 ! Note: cablelength short 133 should be entered for cables < 133ft
 cablelength short 133
 pri-group timeslots 1-24 service mgcp
!
interface Serial1/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn protocol-emulate network
 isdn incoming-voice voice
 isdn bind-l3 ccm-manager
 no cdp enable
!
voice-port 1/1/0
 signal loopStart
!
voice-port 1/1/1
 signal loopStart
!
ccm-manager fallback-mgcp
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.1.67.2
ccm-manager config
!
mgcp
mgcp call-agent 10.1.67.2 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
!
mgcp profile default
!
dial-peer voice 999110 pots
 service mgcpapp
 port 1/1/0
!
dial-peer voice 999111 pots
 service mgcpapp
 port 1/1/1

Show Commands

RTR_2801# show isdn status
Global ISDN Switchtype = primary-4ess
%Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 0. Layer 3 output may not apply
ISDN Serial0/3/0:23 interface
        dsl 0, interface ISDN Switchtype = primary-ni
        L2 Protocol = Q.921 0x0000  L3 Protocol(s) = CCM MANAGER 0x0003
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Active dsl 0 CCBs = 0
    The Free Channel Mask:  0x800003FF
    Number of L2 Discards = 0, L2 Session ID = 138
    Total Allocated ISDN CCBs = 0

RTR_2620XM# show isdn status
Global ISDN Switchtype = primary-4ess
%Q.931 is backhauled to CCM MANAGER 0x0003 on DSL 0. Layer 3 output may not apply
ISDN Serial1/0:23 interface
        ******* Network side configuration *******
        dsl 0, interface ISDN Switchtype = primary-ni
        L2 Protocol = Q.921 0x0000  L3 Protocol(s) = CCM MANAGER 0x0003
    Layer 1 Status:
        ACTIVE
    Layer 2 Status:
        TEI = 0, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
    Layer 3 Status:
        0 Active Layer 3 Call(s)
    Active dsl 0 CCBs = 0
    The Free Channel Mask:  0x807FFFFF
    Number of L2 Discards = 0, L2 Session ID = 38
    Total Allocated ISDN CCBs = 0

RTR_2801# show ccm-manager
MGCP Domain Name: RTR_2801.CiscoNet.com
Priority        Status                   Host
============================================================
Primary         Registered               10.1.66.4
First Backup    None
Second Backup   None

Current active Call Manager:    10.1.66.4
<output omitted>
Backhaul Link info:
    Link Protocol:      TCP
    Remote Port Number: 2428
    Remote IP Address:  10.1.66.4
    Current Link State: OPEN

RTR_2620XM# show ccm-manager
MGCP Domain Name: RTR_2620XM.CiscoNet.com
Priority        Status                   Host
============================================================
Primary         Registered               10.1.66.4
First Backup    None
Second Backup   None

Current active Call Manager:    10.1.66.4
<output omitted>
Backhaul Link info:
    Link Protocol:      TCP
    Remote Port Number: 2428
    Remote IP Address:  10.1.66.4
    Current Link State: OPEN

RTR_2801# show mgcp endpoint
Interface T1 0/3/0

ENDPOINT-NAME             V-PORT     SIG-TYPE  ADMIN
S0/SU3/ds1-0/1@RTR_2801   0/3/0:23   none      up
<output omitted>

RTR_2620XM# show mgcp endpoint
Interface T1 1/0

ENDPOINT-NAME             V-PORT     SIG-TYPE  ADMIN
S1/ds1-0/1@RTR_2620XM     1/0:23     none      up
<output omitted>

Phone Features

Call Park

To configure Call Park, go to Call Routing > Call Park > Add New.

Define a range (using X to represent any digit 0-9), and select the CUCM server. After clicking Save, call park should be up and running.

Now a call can be parked by pressing the Park softkey, placing it into the next available park slot (1150-1159). Users can then dial that number to transfer the call to their phone.

Call Pickup

To configure Call Pickup, go to Call Routing > Call Pickup Group > Add New.

Name the group, give it a number, and set any desired notification settings.

Then go to Call Routing > Directory Number, and add each DN to the Call Pickup Group. Now when a phone in the Call Pickup Group is ringing someone else can answer it by pushing the Pickup or OPickup softkeys.

Display & Line Text

Go to Call Routing > Directory Number, then select a DN.

Select an associated device and click Edit Line Appearance.

Scroll down to the section labeled Line 1 on Device X, and type in the user's name under the Display & Line Text Label sections. (Note: the display text is used for Internal Caller ID so others know who's calling; the line label is displayed on the user's phone next to the line button instead of their extension.) Repeat this process for each phone extension.

Tip: After making configuration changes it's a good idea to click the Apply Config button, just to make sure the phones download an updated config file from the server if needed.

Intercom

Go to Call Routing > Intercom > Intercom Route Partition > Add New.

Create a new partition using the format above.

Go to Call Routing > Intercom > Intercom CSS > Add New.

Give the CSS a name, and add the newly created partition to the CSS.

Go to Call Routing > Intercom > Intercom DN > Add New.

Create 2 different directory numbers, associate the CSS created above, and choose a Default Device to assign this particular number.

Go to Device > Phone, select the desired device, and then click Modify Button Items.

Move the Intercom button over to the associated items column.

Select the Intercom Button item.

Assign one of the Intercom DNs to the phone, name the line, and type in the opposite Intercom DN under Speed Dial.

Pressing the Intercom line buttons will now create a one way communication channel between the two devices (by default the receiving end automatically answers on muted speakerphone).

Inter-Cluster Trunks

Creating an Inter-Cluster Trunk


Inter-cluster trunks provide a simple way to establish communication between different CUCM servers located on distant networks.

First, select Device > Trunk > Add New on the CUCM server.

Under Trunk Type select Inter-Cluster Trunk (Non-Gatekeeper Controlled), under Device Protocol it should say Inter-Cluster Trunk, then click Next.

Under Device Name type in the IP Address of the remote CUCM server. Type a description if desired, select an appropriate Device Pool, and uncheck PSTN Access.

Scroll further down the page, and enter the IP Address of the remote CUCM server under Remote Cisco Unified Communications Manager Information. Once that's finished click Save.

One side of the trunk should now be fully configured.

Lastly, go to the opposite CUCM server and create a mirrored configuration (as shown above). Communication should now be possible between both CUCM server databases. Now that both servers have MGCP gateways and Inter-Cluster Trunks configured it's time to create a route plan that will permit calling between the different networks.

Creating a CUCM Route Plan

Route Plan Fundamentals

Creating a route plan, using the above model, will permit scalability and redundancy within a voice network. When processing a call CUCM starts from the top of this model; however, configuration should be done starting with the bottom.

Devices: In CUCM a device is simply a configured gateway or trunk.

Route Groups: A route group designates the order in which gateways and trunks are selected. In other words, it prioritizes outgoing trunk/gateway selection.

Route Lists: A route list associates a set of route groups with a route pattern and determines the order in which those route groups are accessed.

Route Patterns: A route pattern is a string of digits, and a set of associated digit manipulations, that can be assigned to a route list or a gateway.

The devices have already been configured (the MGCP gateways and Inter-Cluster Trunks), so the next step involves configuring the Route Groups.

Configuring Route Groups in CUCM

Go to Call Routing > Route/Hunt > Route Group > Add New.

Create a group called WAN Devices, change the distribution algorithm to Top Down, and add the Inter-Cluster Trunk to the list of selected devices.

Create another group called PSTN Devices, change the distribution algorithm to Top Down, and add the T1 port from the MGCP gateway to the list of selected devices.

After both groups are created, repeat the process on the other server and then go to Call Routing > Route/Hunt > Route List > Add New.

Configuring Route Lists in CUCM

On the first CUCM server, name the list Ways_to_2XXX_and_3XXX; on the second server, name it Ways_to_1XXX.

Click Add Route Group, and add both of the newly created route groups to the list, with WAN Devices as the first one. Additionally, a transformation will need to be set on the PSTN list to transform users' 4-digit extensions into appropriate phone numbers if they are being routed out to a real PSTN.

After the appropriate lists have been configured on both servers, go to Call Routing > Route/Hunt > Route Pattern > Add New.

Configuring Route Patterns in CUCM


Several special characters can be used when configuring Route Patterns:

Character   Description
@           Matches all NANP numbers. Each route pattern can have only one @ wildcard.
X           The X wildcard matches any single digit in the range 0 through 9.
!           The exclamation point (!) wildcard matches one or more digits in the range 0 through 9.
?           The question mark (?) wildcard matches zero or more occurrences of the preceding digit or wildcard value.
+           The plus sign (+) wildcard matches one or more occurrences of the preceding digit or wildcard value.
[ ]         The square bracket ([ ]) characters enclose a range of values, representing a single number.
-           The hyphen (-) character, used with the square brackets, denotes a range of values.
^           The ^ character, used with the square brackets, negates a range of values. Ensure that it is the first character following the opening bracket ([). Each route pattern can have only one ^ character.
.           The dot (.) character, used as a delimiter, separates the Cisco Unified Communications Manager access code from the directory number. Use this special character, with the discard digits instructions, to strip off the Cisco Unified Communications Manager access code before sending the number to an adjacent system. Each route pattern can have only one dot (.) character.
*           The asterisk (*) character can provide an extra digit for special dialed numbers.
#           The # character generally identifies the end of the dialing sequence. Ensure the # character is the last character in the pattern.

Enter a route pattern similar to what is shown above, select the Route List just configured, and uncheck Provide Outside Dial Tone. This pattern states that whenever a number is dialed that begins with a 2 or 3, then has two 0s, and ends with any number 1-9, the call will be sent to the configured Route List, which in turn routes the call across the WAN link to the opposite CUCM server. Additionally, because the second entry in the List is for the PSTN connection, if the WAN link fails then the call will get sent across the PSTN T1 link as a backup. The opposite server should resemble the following:

Creating a PSTN Dial Plan

Creating a PSTN Route List


To configure PSTN access for CUCM, first a route list must be created with its only entry being the PSTN Devices route group.

Next, create a manual PSTN NADP (North America Dialing Plan) to point to this list.

Creating a Manual PSTN Dial Plan


On both servers create several route patterns representing the scheme below. Point all of them to the PSTN route list just created.

Example: Configure the 10-digit dialing pattern as shown below.

Leave the Provide Outside Dial Tone box checked. Scroll down the page and, under Called Party Transformations, select PreDot.

Now the leading 9 will get dropped after the call is forwarded to the PSTN. Additionally, under the patterns for 911, check the Urgent Priority box.

Once all of the patterns are created, the route pattern list should resemble the following:

Note: The PSTN in this topology is simply a T1 link between two routers and has no actual connection to an external PSTN network. Because of this, external calls sent across the PSTN will not actually work; this is simply a proof-of-concept configuration. However, if CUCM attempts to use the PSTN connection in the event of a WAN link failure, internal calls will work as expected.
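As an added illustration (not part of the original project and not CUCM's own matching code), the Python below translates the route pattern wildcards from the table above into regular expressions, then walks the route pattern, route list, route group and device chain with Top Down selection and the PreDot discard. The device names ICT_remote and MGCP_T1, the route list name PSTN_Only and the two 9. patterns are constructed for the example; CUCM's choice between overlapping patterns is not modelled, so the sample patterns do not overlap.

```python
import re

DIALABLE = re.compile(r"[0-9*#]+")                      # what a keypad can send
BRACKET = re.compile(r"\^?(?:[0-9](?:-[0-9])?|[*#])+")  # legal text between [ and ]


def compile_route_pattern(pattern):
    """Translate a route pattern into a regex with groups 'pre' and 'post'.

    'pre' holds the digits before the '.' delimiter (empty when there is none),
    'post' holds the rest. '@' is rejected: the NANP macro is not modelled here.
    """
    pre, post = [], []
    cur, seen_dot, quantifiable = pre, False, False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch in "Xx":
            cur.append("[0-9]")
            quantifiable = True
        elif ch == "!":
            cur.append("(?:[0-9]+)")
            quantifiable = True
        elif ch in "?+":
            if not quantifiable:
                raise ValueError(f"{ch!r} has nothing to repeat in {pattern!r}")
            cur.append("*" if ch == "?" else "+")
            quantifiable = False
        elif ch == "[":
            end = pattern.find("]", i)
            body = pattern[i + 1:end] if end != -1 else ""
            if not BRACKET.fullmatch(body):
                raise ValueError(f"bad bracket expression in {pattern!r}")
            if body.startswith("^"):
                # This example keeps negation within 0-9: [^0-5] means 6 to 9.
                cur.append(f"(?:(?![{body[1:]}])[0-9])")
            else:
                cur.append(f"[{body}]")
            quantifiable = True
            i = end
        elif ch == ".":
            if seen_dot:
                raise ValueError(f"more than one '.' in {pattern!r}")
            cur, seen_dot, quantifiable = post, True, False
        elif ch in "0123456789*#":
            cur.append(re.escape(ch))
            quantifiable = True
        else:
            raise ValueError(f"unsupported character {ch!r} in {pattern!r}")
        i += 1
    if not seen_dot:
        pre, post = [], pre
    return re.compile(f"(?P<pre>{''.join(pre)})(?P<post>{''.join(post)})")


def route_digits(pattern, dialed, discard=None):
    """Digits forwarded when `dialed` matches `pattern`, else None."""
    if not DIALABLE.fullmatch(dialed):
        return None
    m = compile_route_pattern(pattern).fullmatch(dialed)
    if m is None:
        return None
    return m.group("post") if discard == "PreDot" else dialed


# Constructed sample data mirroring the first server's route plan.
# Device names and "PSTN_Only" are hypothetical; group/list names are the page's.
ROUTE_GROUPS = {"WAN Devices": ["ICT_remote"], "PSTN Devices": ["MGCP_T1"]}
ROUTE_LISTS = {
    "Ways_to_2XXX_and_3XXX": ["WAN Devices", "PSTN Devices"],
    "PSTN_Only": ["PSTN Devices"],
}
ROUTE_PATTERNS = [  # (pattern, route list, discard digits instruction)
    ("[23]00[1-9]", "Ways_to_2XXX_and_3XXX", None),
    ("9.[2-9]XX[2-9]XXXXXX", "PSTN_Only", "PreDot"),   # constructed 10-digit pattern
    ("9.911", "PSTN_Only", "PreDot"),                  # constructed 911 pattern
]


def route_call(dialed, devices_up):
    """Return (device, digits_sent); device is None when nothing can carry the call."""
    for pattern, route_list, discard in ROUTE_PATTERNS:
        digits = route_digits(pattern, dialed, discard)
        if digits is None:
            continue
        for group in ROUTE_LISTS[route_list]:      # route groups in list order
            for device in ROUTE_GROUPS[group]:     # Top Down distribution
                if device in devices_up:
                    return device, digits
        return None, digits                        # matched, but every device is down
    return None, None                              # no route pattern matched


if __name__ == "__main__":
    for number, up in [("2005", {"ICT_remote", "MGCP_T1"}), ("2005", {"MGCP_T1"}),
                       ("2000", {"ICT_remote"}), ("96145551234", {"MGCP_T1"})]:
        print(number, sorted(up), "->", route_call(number, up))
```

Running a candidate pattern through route_digits with numbers that should and should not match shows exactly which dial strings it admits before the pattern is saved on the server.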

Survivable Remote Site Telephony

Enabling Advanced SRST Functionality


Enter the following commands to enable advanced SRST failover using the CUCM Express functionality of both routers.

RTR_2801

telephony-service
 srst mode auto-provision none
 srst ephone template 1
 srst dn template 1
 srst dn line-mode dual
 max-ephones 5
 max-dn 10
 ip source-address 10.1.1.3 port 2000
 system message CME SRST Mode
 max-conferences 4 gain -6
 transfer-system full-consult
 voicemail 5600
 create cnf-files
!
ephone-dn-template 1
 hold-alert 25 idle
!
ephone-template 1
 keep-conference local-only
!
ephone-dn 1 dual-line
 number 1001
 label Jacob
 name Jacob Adlon
!
ephone-dn 2 dual-line
 number 1002
 label Sarah
 name Sarah DelSavio
!
ephone-dn 3 dual-line
 number 1003
 label Sally
 name Sally Smith
!
ephone 1
 device-security-mode none
 mac-address 000A.F464.3DA7
 type 7960
 button 1:1
!
ephone 2
 device-security-mode none
 mac-address 000D.65BB.8506
 type 7960
 button 1:2
!
ephone 3
 device-security-mode none
 mac-address 74D0.2BA0.1D17
 type CIPC
 button 1:3

RTR_2620XM

telephony-service
 max-ephones 5
 max-dn 10
 ip source-address 10.1.1.4 port 2000
 system message CME SRST Mode
 max-conferences 4 gain -6
 transfer-system full-consult
 voicemail 5700
 create cnf-files
!
ephone-dn 1 dual-line
 number 2001
 label Kevin
 name Kevin DelSavio
!
ephone-dn 2 dual-line
 number 2002
 label John
 name John Smith
!
ephone-dn 3 dual-line
 number 2003
 label Laura
 name Laura Lombardo
!
ephone 1
 mac-address 000D.BC8E.DEE8
 type 7940
 button 1:1
!
ephone 2
 mac-address 000F.3485.8236
 type 7940
 button 1:2
!
ephone 3
 mac-address 000C.297C.305A
 type CIPC
 button 1:3

Dial-Peer Configuration
Next, configure dial-peers to enable calling across the WAN and PSTN links.

RTR_2801

application
 global
  service alternate Default
!
dial-peer voice 1 voip
 preference 1
 destination-pattern [23]00[1-9]
 session target ipv4:10.1.254.2
 ip qos dscp cs5 media
dial-peer voice 2 pots
 preference 2
 destination-pattern [23]00[1-9]
 no digit-strip
 direct-inward-dial
 port 0/3/0:23
 forward-digits all
dial-peer voice 3 voip
 preference 3
 session target ipv4:10.1.66.4
 incoming called-number 100[1-9]
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 ip qos dscp cs5 media

RTR_2620XM

application
 global
  service alternate Default
!
dial-peer voice 999110 pots
 preference 1
 service mgcpapp
 port 1/1/0
dial-peer voice 999111 pots
 preference 1
 service mgcpapp
 port 1/1/1
dial-peer voice 1 voip
 preference 1
 destination-pattern 100[1-9]
 session target ipv4:10.1.254.1
 ip qos dscp cs5 media
dial-peer voice 2 pots
 preference 2
 destination-pattern 100[1-9]
 no digit-strip
 direct-inward-dial
 port 1/0:23
 forward-digits all
dial-peer voice 1999110 pots
 preference 2
 destination-pattern 3001
 port 1/1/0
dial-peer voice 1999111 pots
 preference 2
 destination-pattern 3002
 port 1/1/1
dial-peer voice 3 voip
 preference 3
 session target ipv4:10.1.67.2
 incoming called-number [23]00[1-9]
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 ip qos dscp cs5 media

Now if either site loses connectivity to its local CUCM server, all phones within that cluster will still be able to call each other. They will also be able to call between clusters thanks to the dial-peer configuration. Additionally, if the WAN link fails they can still communicate over the PSTN connection.

Note: Make certain the appropriate SRST reference was configured earlier (in the section Creating a Device Pool in CUCM), telling the phones where to look for their SRST configuration if needed.

Quality of Service

AutoQoS
Enter the following commands to enable AutoQoS on all Cisco devices. AutoQoS enables each device to always trust any VoIP QoS markings attached to the voice packets. This will improve voice quality across the network.

! Enter the following command on all Serial and Fast Ethernet
! interfaces on which voice traffic is expected to flow.
!
auto qos voip trust
!
! Enter the following command on all Switch interfaces connected to
! Cisco IP Phones.
!
auto qos voip cisco-phone
!
! Enter the following command on all Switch interfaces connected to a
! PC where Cisco IP Communicator is expected to run.
!
auto qos voip cisco-softphone

Final Device Configurations

Routers
Access_Server

Access_Server# show running-config
Building configuration...

Current configuration : 1958 bytes
!
! Last configuration change at 02:46:47 EST Sat Feb 15 2014 by jacob
! NVRAM config last updated at 02:46:48 EST Sat Feb 15 2014 by jacob
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Access_Server
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ATw5$ZYe0JMWeQAzw.ud4.7Raa1
!
clock timezone EST -5
no aaa new-model
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
no ip domain lookup
ip domain name CiscoNet.com
ip host ALS1 2001 1.1.1.1
ip host ALS2 2002 1.1.1.1
ip host DLS1 2003 1.1.1.1
ip host DLS2 2004 1.1.1.1
ip host R1 2005 1.1.1.1
ip host R2 2006 1.1.1.1
ip host R3 2007 1.1.1.1
ip host R4 2008 1.1.1.1
!
no ip bootp server
username jacob privilege 15 secret 5 $1$jlVS$rRO1fn4H9te.i9RyAkV3a0
!
no ip ftp passive
ip ftp source-interface Ethernet0
ip ftp username jadlon
ip ftp password 7 0653572A45181F0337
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0
 ip address 10.1.70.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no mop enabled
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0 10.1.70.1
!
logging trap notifications
logging facility local2
logging source-interface Ethernet0
logging 10.1.66.2
alias exec s show ip int brief
alias exec sl show line
alias exec cl clear line
!
line con 0
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 login local
 width 85
line 1 8
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 width 85
 transport input telnet
line aux 0
 no exec
 transport output none
line vty 0 4
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 login local
 width 85
 transport input telnet
!
ntp clock-period 17179821
ntp source Ethernet0
ntp server 10.1.1.3
end

RTR_2801

RTR_2801# show running-config
Building configuration...

Current configuration : 16518 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime localtime year
service password-encryption
service sequence-numbers
!
hostname RTR_2801
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging message-counter syslog
logging buffered 4096
logging console critical
enable secret 5 $1$n.fB$OALf1i285EHaCdm6RMGH9.
!
aaa new-model
!
aaa authentication login local_auth local
!
aaa session-id common
clock timezone EST -5
clock summer-time EST recurring
network-clock-participate wic 3
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name CiscoNet.com
ip name-server 10.1.66.2
ip name-server 4.2.2.2
login block-for 180 attempts 3 within 30
login quiet-mode access-class QUIET
no ipv6 cef
!
multilink bundle-name authenticated
!
isdn switch-type primary-ni
!
voice-card 0
!
!
application
 global
  service alternate Default
!
!
!
crypto pki trustpoint TP-self-signed-3740593925
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3740593925
 revocation-check none
 rsakeypair TP-self-signed-3740593925
!
!
crypto pki certificate chain TP-self-signed-3740593925
 certificate self-signed 02
  3082024D 308201B6 A0030201 02020102 300D0609 2A864886 F70D0101
  <output omitted>
  89F4F652 4DB900EF 0C9BE6F8 70BCD07D 86
  quit
!
username jacob privilege 15 secret 5 $1$hyF6$k.vuoiGqDF50BO1OMphlm0
archive
 log config
  hidekeys
 path ftp://10.1.66.2/$h-config
 write-memory
 time-period 1440
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 58ki6vzR address 10.1.254.2 255.255.255.252
!
crypto ipsec transform-set JACOB esp-aes esp-sha-hmac
!
crypto map CRYPTO 100 ipsec-isakmp
 set peer 10.1.254.2
 set transform-set JACOB
 set pfs group2
 match address CRYPTO
!
controller T1 0/3/0
 cablelength short 133
 pri-group timeslots 1-10,24 service mgcp
!
ip tcp synwait-time 10
no ip ftp passive
ip ftp source-interface Loopback0
ip ftp username jadlon
ip ftp password 7 0653572A45181F0337
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
class-map type inspect match-any SDM_BOOTPC
 match access-group 100
class-map type inspect match-any SDM_DHCP_CLIENT_PT
 match class-map SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
 match protocol skinny
class-map type inspect match-any sdm-cls-bootps
 match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp extended
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
 match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
 match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
 match protocol h323-annexe
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map type inspect match-any ccp-h323-inspect
 match protocol h323
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3
 match ip dscp af31
class-map type inspect match-all ccp-invalid-src
 match access-group 101
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
 match protocol sip
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect sdm-cls-bootps
  pass
 class type inspect ccp-sip-inspect
  inspect
 class type inspect ccp-h323-inspect
  inspect
 class type inspect ccp-h323annexe-inspect
  inspect
 class type inspect ccp-h225ras-inspect
  inspect
 class type inspect ccp-h323nxg-inspect
  inspect
 class type inspect ccp-skinny-inspect
  inspect
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class type inspect ccp-sip-inspect
  inspect
 class type inspect ccp-h323-inspect
  inspect
 class type inspect ccp-h323annexe-inspect
  inspect
 class type inspect ccp-h225ras-inspect
  inspect
 class type inspect ccp-h323nxg-inspect
  inspect
 class type inspect ccp-skinny-inspect
  inspect
 class class-default
  drop
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
policy-map type inspect ccp-permit
 class type inspect SDM_DHCP_CLIENT_PT
  pass
 class type inspect ccp-sip-inspect
  inspect
 class type inspect ccp-h323-inspect
  inspect
 class type inspect ccp-h323annexe-inspect
  inspect
 class type inspect ccp-h225ras-inspect
  inspect
 class type inspect ccp-h323nxg-inspect
  inspect
 class type inspect ccp-skinny-inspect
  inspect
 class class-default
  drop
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
interface Loopback0
 description $FW_INSIDE$
 ip address 10.1.1.3 255.255.255.255
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 zone-member security in-zone
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 description $FW_INSIDE$
 ip address 10.1.252.2 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 duplex auto
 speed auto
 auto qos voip trust
 no mop enabled
 service-policy output AutoQoS-Policy-Trust
!
interface FastEthernet0/1
 description $FW_OUTSIDE$
 ip address dhcp
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface Serial0/2/0
 description $FW_INSIDE$
 ip address 10.1.254.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 auto qos voip trust
 clock rate 2000000
 crypto map CRYPTO
 service-policy output AutoQoS-Policy-Trust
!
interface Serial0/2/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 shutdown
 clock rate 2000000
!
interface Serial0/3/0:23
 no ip address
 ip flow ingress
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 isdn bind-l3 ccm-manager
 no cdp enable
!
router eigrp 100
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface Serial0/2/0
 network 10.1.1.0 0.0.0.255
 network 10.1.64.0 0.0.7.255
 network 10.1.252.0 0.0.3.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 174.100.160.1
no ip http server
ip http access-class 80
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list NAT interface FastEthernet0/1 overload
!
ip access-list extended CRYPTO
 permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
ip access-list extended NAT
 permit ip 10.1.0.0 0.0.255.255 any
ip access-list extended QUIET
 permit ip 10.1.0.0 0.0.255.255 any
!
logging trap notifications
logging facility local2
logging source-interface Loopback0
logging 10.1.66.2
access-list 80 permit 10.1.66.0 0.0.0.255
access-list 80 deny any
access-list 100 permit udp any eq bootpc
access-list 101 remark CCP_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
disable-eadi
no cdp run
!
tftp-server flash:/ringtones/Analog1.raw alias Analog1.raw
tftp-server flash:/ringtones/Analog2.raw alias Analog2.raw
<output omitted>
tftp-server flash:/ringtones/Vibe.raw alias Vibe.raw
tftp-server flash:music-on-hold.au alias music-on-hold.au
tftp-server flash:P00308000500.loads alias P00308000500.loads
tftp-server flash:P00308000500.sb2 alias P00308000500.sb2
tftp-server flash:P00308000500.sbn alias P00308000500.sbn
tftp-server flash:P00308000500.bin alias P00308000500.bin
!
control-plane
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33333 cbQosCMDropBitRate.50.14618161 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33334 cbQosCMDropBitRate.18.3164929 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/3/0:23
!
voice-port 0/1/0
!
voice-port 0/1/1
!
ccm-manager fallback-mgcp
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.1.66.4
ccm-manager config
!
mgcp
mgcp call-agent 10.1.66.4 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp bind control source-interface Loopback0
mgcp bind media source-interface Loopback0
!
mgcp profile default
!
dial-peer voice 1 voip
 preference 1
 destination-pattern [23]00[1-9]
 session target ipv4:10.1.254.2
 ip qos dscp cs5 media
!
dial-peer voice 2 pots
 preference 2
 destination-pattern [23]00[1-9]
 no digit-strip
 direct-inward-dial
 port 0/3/0:23
 forward-digits all
!
dial-peer voice 3 voip
 preference 3
 session target ipv4:10.1.66.4
 incoming called-number 100[1-9]
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 ip qos dscp cs5 media
!
gatekeeper
 shutdown
!
telephony-service
 srst mode auto-provision none
 srst ephone template 1
 srst dn template 1
 srst dn line-mode dual
 max-ephones 5
 max-dn 10
 ip source-address 10.1.1.3 port 2000
 system message CME SRST Mode
 voicemail 5600
 max-conferences 4 gain -6
 transfer-system full-consult
 create cnf-files version-stamp Jan 01 2002 00:00:00
!
ephone-dn-template 1
 hold-alert 25 idle
!
ephone-template 1
 keep-conference local-only
!
ephone-dn 1 dual-line
 number 1001
 label Jacob
 name Jacob Adlon
!
ephone-dn 2 dual-line
 number 1002
 label Sarah
 name Sarah DelSavio
!
ephone-dn 3 dual-line
 number 1003
 label Sally
 name Sally Smith
!
ephone 1
 device-security-mode none
 mac-address 000A.F464.3DA7
 type 7960
 button 1:1
!
ephone 2
 device-security-mode none
 mac-address 000D.65BB.8506
 type 7960
 button 1:2
!
ephone 3
 device-security-mode none
 mac-address 74D0.2BA0.1D17
 type CIPC
 button 1:3
!
banner login ^C####Unauthorized Access is Prohibited####^C
!
line con 0
 privilege level 15
 logging synchronous
 login authentication local_auth
 width 85
 transport output telnet
line aux 0
 no exec
 transport output telnet
line vty 0 4
 privilege level 15
 logging synchronous
 login authentication local_auth
 length 0
 width 85
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp source Loopback0
ntp update-calendar
ntp server 64.90.182.55
ntp server 96.47.67.105
!
end

RTR_2620XM

RTR_2620XM# show running-config
Building configuration...

Current configuration : 8053 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime localtime year
no service password-encryption
!
hostname RTR_2620XM
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$RFwd$tmpLO4IBNsnNNhzfhMi4w.
!
aaa new-model
!
aaa authentication login default local-case enable
!
aaa session-id common
clock timezone EST -5
clock summer-time EST recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
no ip domain lookup
ip domain name CiscoNet.com
ip name-server 10.1.66.2
ip name-server 4.2.2.2
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
isdn switch-type primary-ni
voice-card 1
!
crypto pki trustpoint TP-self-signed-4142744825
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4142744825
 revocation-check none
 rsakeypair TP-self-signed-4142744825
!
crypto pki certificate chain TP-self-signed-4142744825
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101
  <output omitted>
  6BA475C7 5954C4B7 F3731070 13D22D83 D0FDA4
  quit
!
application
 global
  service alternate Default
!
username jacob privilege 15 secret 5 $1$ULyx$KMcT6vdClWlhh7YNEW8gl0
archive
 path ftp://10.1.66.2/$h-config
 write-memory
 time-period 1440
!
controller T1 1/0
 framing esf
 clock source internal
 linecode b8zs
 cablelength short 133
 pri-group timeslots 1-24 service mgcp
!
no ip ftp passive
ip ftp source-interface Loopback0
ip ftp username jadlon
ip ftp password 7 0653572A45181F0337
ip ssh version 2
!
class-map match-any AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-any AutoQoS-VoIP-Control-Trust
 match ip dscp cs3
 match ip dscp af31
!
policy-map AutoQoS-Policy-Trust
 class AutoQoS-VoIP-RTP-Trust
  priority percent 70
 class AutoQoS-VoIP-Control-Trust
  bandwidth percent 5
 class class-default
  fair-queue
!
crypto isakmp policy 1
 encr aes
 authentication pre-share
 group 2
crypto isakmp key 58ki6vzR address 10.1.254.1 255.255.255.252
!
crypto ipsec transform-set JACOB esp-aes esp-sha-hmac
!
crypto map CRYPTO 100 ipsec-isakmp
 set peer 10.1.254.1
 set transform-set JACOB
 set pfs group2
 match address CRYPTO
!
interface Loopback0
 ip address 10.1.1.4 255.255.255.255
!
interface FastEthernet0/0
 ip address 10.1.253.2 255.255.255.252
 duplex auto
 speed auto
 auto qos voip trust
 service-policy output AutoQoS-Policy-Trust
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/1
 no ip address
 shutdown
!
interface Serial0/2
 ip address 10.1.254.2 255.255.255.252
 auto qos voip trust
 crypto map CRYPTO
 service-policy output AutoQoS-Policy-Trust
!
interface Serial0/3
 no ip address
 shutdown
!
interface Serial1/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn protocol-emulate network
 isdn incoming-voice voice
 isdn bind-l3 ccm-manager
 no cdp enable
!
router eigrp 100
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface Serial0/2
 network 10.1.1.0 0.0.0.255
 network 10.1.64.0 0.0.7.255
 network 10.1.252.0 0.0.3.255
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/2 10.1.254.1
!
no ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended CRYPTO
 permit ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
!
logging trap notifications
logging facility local2
logging source-interface Loopback0
logging 10.1.66.2
!
tftp-server flash:P00307020200.bin alias P00307020200.bin
tftp-server flash:P00307020200.loads alias P00307020200.loads
tftp-server flash:P00307020200.sb2 alias P00307020200.sb2
tftp-server flash:P00307020200.sbn alias P00307020200.sbn
tftp-server flash:music-on-hold.au alias music-on-hold.au
!
control-plane
!
rmon event 33333 log trap AutoQoS description "AutoQoS SNMP traps for Voice Drops" owner AutoQoS
rmon alarm 33333 cbQosCMDropBitRate.1059.1061 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
rmon alarm 33334 cbQosCMDropBitRate.1095.1097 30 absolute rising-threshold 1 33333 falling-threshold 0 owner AutoQoS
!
voice-port 1/0:23
!
voice-port 1/1/0
 signal loopStart
!
voice-port 1/1/1
 signal loopStart
!
ccm-manager fallback-mgcp
ccm-manager mgcp
no ccm-manager fax protocol cisco
ccm-manager music-on-hold
ccm-manager config server 10.1.67.2
ccm-manager config
!
mgcp
mgcp call-agent 10.1.67.2 2427 service-type mgcp version 0.1
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind control source-interface Loopback0
mgcp bind media source-interface Loopback0
!
mgcp profile default
!
dial-peer voice 999110 pots
 preference 1
 service mgcpapp
 port 1/1/0
!
dial-peer voice 999111 pots
 preference 1
 service mgcpapp
 port 1/1/1
!
dial-peer voice 1 voip
 preference 1
 destination-pattern 100[1-9]
 session target ipv4:10.1.254.1
 ip qos dscp cs5 media
!
dial-peer voice 2 pots
 preference 2
 destination-pattern 100[1-9]
 no digit-strip
 direct-inward-dial
 port 1/0:23
 forward-digits all
!
dial-peer voice 1999110 pots
 preference 2
 destination-pattern 3001
 port 1/1/0
!
dial-peer voice 1999111 pots
 preference 2
 destination-pattern 3002
 port 1/1/1
!
dial-peer voice 3 voip
 preference 3
 session target ipv4:10.1.67.2
 incoming called-number [23]00[1-9]
 dtmf-relay h245-alphanumeric
 codec g711ulaw
 ip qos dscp cs5 media
!
gatekeeper
 shutdown
!
telephony-service
 max-ephones 5
 max-dn 10
 ip source-address 10.1.1.4 port 2000
 system message CME SRST Mode
 create cnf-files version-stamp Jan 01 2002 00:00:00
 voicemail 5700
 max-conferences 4 gain -6
 transfer-system full-consult
!
ephone-dn 1 dual-line
 number 2001
 label Kevin
 name Kevin DelSavio
!
ephone-dn 2 dual-line
 number 2002
 label John
 name John Smith
!
ephone-dn 3 dual-line
 number 2003
 label Laura
 name Laura Lombardo
!
ephone 1
 mac-address 000D.BC8E.DEE8
 type 7940
 button 1:1
!
ephone 2
 mac-address 000F.3485.8236
 type 7940
 button 1:2
!
ephone 3
 mac-address 000C.297C.305A
 type CIPC
 button 1:3
!
banner login ^C####Unauthorized Access is Prohibited####^C
!
line con 0
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 width 85
 transport output telnet
line aux 0
 exec-timeout 0 0
 no exec
 transport output none
line vty 0 4
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 width 85
 transport input ssh
!
ntp clock-period 17180307
ntp source Loopback0
ntp server 10.1.1.3
end

Switches
MLS_3550_A

MLS_3550_A# show running-config
Building configuration...

Current configuration : 10090 bytes
!
! Last configuration change at 19:44:25 EST Wed Mar 12 2014 by jacob
! NVRAM config last updated at 19:25:45 EST Wed Mar 12 2014 by jacob
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime year
service password-encryption
!
hostname MLS_3550_A
!
enable secret 5 $1$pmHs$.Uc/qMT0DTH.YcGjoY7dm0
!
username jacob privilege 15 secret 5 $1$M5TC$gLlHIa.EF8jMsU3qqvhRG/
!
aaa new-model
!
aaa authentication login default local-case enable
!
aaa session-id common
clock timezone EST -5
authentication mac-move permit
mls qos map policed-dscp 24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name CiscoNet.com
ip name-server 10.1.66.2
ip name-server 4.2.2.2
ip dhcp excluded-address 10.1.64.1 10.1.64.10
ip dhcp excluded-address 10.1.66.1 10.1.66.10
ip dhcp excluded-address 10.1.69.1 10.1.69.4
!
ip dhcp pool VOICE_A
 network 10.1.64.0 255.255.255.0
 default-router 10.1.64.1
 dns-server 10.1.66.2 4.2.2.2
 domain-name CiscoNet.com
 option 150 ip 10.1.66.4 10.1.1.3
!
ip dhcp pool DATA_A
 network 10.1.66.0 255.255.255.0
 default-router 10.1.66.1
 dns-server 10.1.66.2 4.2.2.2
 domain-name CiscoNet.com
!
ip dhcp pool WIFI
 network 10.1.69.0 255.255.255.0
 default-router 10.1.69.1
 dns-server 10.1.66.2 4.2.2.2
 domain-name CiscoNet.com
!
crypto pki trustpoint TP-self-signed-691470336
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-691470336
 revocation-check none
 rsakeypair TP-self-signed-691470336
!
!
crypto pki certificate chain TP-self-signed-691470336
 certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101
  <output omitted>
  5EC3DAB4 7C39709B 4ED56980 1E733DC8 7F
  quit
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
no ip ftp passive
ip ftp source-interface Loopback0
ip ftp username jadlon
ip ftp password 7 0653572A45181F0337
ip ssh version 2
!
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3 af31
!
policy-map AutoQoS-Police-SoftPhone
 class AutoQoS-VoIP-RTP-Trust
  set ip dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set ip dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
interface Loopback0
 ip address 10.1.1.1 255.255.255.255
!
interface FastEthernet0/1
 description Point-to-Point to RTR_2801
 no switchport
 ip address 10.1.252.1 255.255.255.252
 mls qos trust dscp
 auto qos voip trust
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
!
interface FastEthernet0/2
 description Cisco IP Phone 7960 (MAC: 000A.F464.3DA7)
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000a.f464.3da7 vlan voice
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
 spanning-tree portfast
!
interface FastEthernet0/3
 description Cisco IP Phone 7960 (MAC: 000D.65BB.8506)
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000d.65bb.8506 vlan voice
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
 spanning-tree portfast
!
interface FastEthernet0/4
 description Desktop PC w/ VMWare Virtualization
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 auto qos voip cisco-softphone
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
 spanning-tree portfast
 service-policy input AutoQoS-Police-SoftPhone
!
interface FastEthernet0/5
 description Wireless Access Point - SSID: CiscoNet
 switchport access vlan 69
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/6
 description APC MasterSwitch PDU
 switchport access vlan 70
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/7
 description Cisco 2509 Terminal Access Server
 switchport access vlan 70
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/8
 description Entertainment Equipment
 switchport access vlan 66
 switchport mode access
 switchport voice vlan 64
 spanning-tree portfast
!
interface FastEthernet0/9
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/10
 description UNUSED

switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/11 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/12 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/13 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/14 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/15 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/16 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/17 description UNUSED switchport access vlan 666 switchport mode access shutdown !

interface FastEthernet0/18 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/19 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/20 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/21 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/22 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/23 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface FastEthernet0/24 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface GigabitEthernet0/1 description UNUSED switchport access vlan 666 switchport mode access

shutdown ! interface GigabitEthernet0/2 description UNUSED switchport access vlan 666 switchport mode access shutdown ! interface Vlan1 description UNUSED no ip address shutdown ! interface Vlan64 ip address 10.1.64.1 255.255.255.0 ! interface Vlan66 ip address 10.1.66.1 255.255.255.0 ! interface Vlan69 ip address 10.1.69.1 255.255.255.0 ! interface Vlan70 ip address 10.1.70.1 255.255.255.0 ! router eigrp 100 network 10.1.1.0 0.0.0.255 network 10.1.64.0 0.0.7.255 network 10.1.252.0 0.0.3.255 passive-interface default no passive-interface FastEthernet0/1 ! ip classless ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.1.252.2 no ip http server ip http authentication local ip http secure-server ! ip sla enable reaction-alerts logging trap notifications logging facility local2 logging source-interface Loopback0 logging 10.1.66.2 ! control-plane !

banner login ^C####Unauthorized Access is Prohibited####^C ! line con 0 exec-timeout 30 0 privilege level 15 logging synchronous width 85 transport output telnet line vty 0 4 exec-timeout 30 0 privilege level 15 logging synchronous length 0 width 85 transport input ssh line vty 5 15 exec-timeout 30 0 privilege level 15 logging synchronous width 85 transport input ssh ! ntp clock-period 17180193 ntp source Loopback0 ntp server 10.1.1.3 end

MLS_3550_B
MLS_3550_B# show running-config
Building configuration...

Current configuration : 12331 bytes
!
! Last configuration change at 19:47:14 EST Wed Mar 12 2014 by jacob
! NVRAM config last updated at 19:27:51 EST Wed Mar 12 2014 by jacob
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime localtime year
service password-encryption
!
hostname MLS_3550_B
!
enable secret 5 $1$pmHs$.Uc/qMT0DTH.YcGjoY7dm0
!
username jacob privilege 15 secret 5 $1$M5TC$gLlHIa.EF8jMsU3qqvhRG/
!
aaa new-model
!
aaa authentication login default local-case enable
!
aaa session-id common
clock timezone EST -5
authentication mac-move permit
mls qos map policed-dscp 24 26 46 to 0
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos min-reserve 5 170
mls qos min-reserve 6 85
mls qos min-reserve 7 51
mls qos min-reserve 8 34
mls qos
ip subnet-zero
ip routing
no ip domain-lookup
ip domain-name CiscoNet.com
ip name-server 10.1.66.2
ip name-server 4.2.2.2
ip dhcp excluded-address 10.1.65.1 10.1.65.10
ip dhcp excluded-address 10.1.67.1 10.1.67.10
!
ip dhcp pool VOICE_B
 network 10.1.65.0 255.255.255.0
 default-router 10.1.65.1
 dns-server 10.1.66.2 4.2.2.2
 domain-name CiscoNet.com
 option 150 ip 10.1.67.2 10.1.1.4
!
ip dhcp pool DATA_B
 network 10.1.67.0 255.255.255.0
 default-router 10.1.67.1
 dns-server 10.1.66.2 4.2.2.2
 domain-name CiscoNet.com
!
crypto pki trustpoint TP-self-signed-592747520
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-592747520
 revocation-check none
 rsakeypair TP-self-signed-592747520
!
crypto pki certificate chain TP-self-signed-592747520
 certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101
  <output omitted>
  32FE6E0A E1BAA9EB F300161D BBB57F4C 4B
  quit
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
no ip ftp passive
ip ftp source-interface Loopback0
ip ftp username jadlon
ip ftp password 7 0653572A45181F0337
ip ssh version 2
!
class-map match-all AutoQoS-VoIP-RTP-Trust
 match ip dscp ef
class-map match-all AutoQoS-VoIP-Control-Trust
 match ip dscp cs3 af31
!
policy-map AutoQoS-Police-SoftPhone
 class AutoQoS-VoIP-RTP-Trust
  set ip dscp ef
  police 320000 8000 exceed-action policed-dscp-transmit
 class AutoQoS-VoIP-Control-Trust
  set ip dscp cs3
  police 32000 8000 exceed-action policed-dscp-transmit
!
interface Loopback0
 ip address 10.1.1.2 255.255.255.255
!
interface FastEthernet0/1
 description Point-to-Point to RTR_2620XM
 no switchport
 ip address 10.1.253.1 255.255.255.252
 mls qos trust dscp
 auto qos voip trust
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
!
interface FastEthernet0/2
 description Cisco IP Phone 7940 (MAC: 000D.BC8E.DEE8)
 switchport access vlan 67
 switchport mode access
 switchport voice vlan 65
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000d.bc8e.dee8 vlan voice
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
 spanning-tree portfast
!
interface FastEthernet0/3
 description Cisco IP Phone 7940 (MAC: 000F.3485.8236)
 switchport access vlan 67
 switchport mode access
 switchport voice vlan 65
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 000f.3485.8236 vlan voice
 mls qos trust device cisco-phone
 mls qos trust cos
 auto qos voip cisco-phone
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
 spanning-tree portfast
!
interface FastEthernet0/4
 description CUCM Server (Cluster 2)
 switchport access vlan 67
 switchport mode access
 switchport voice vlan 65
 auto qos voip cisco-softphone
 wrr-queue bandwidth 10 20 70 1
 wrr-queue min-reserve 1 5
 wrr-queue min-reserve 2 6
 wrr-queue min-reserve 3 7
 wrr-queue min-reserve 4 8
 wrr-queue cos-map 1 0 1
 wrr-queue cos-map 2 2 4
 wrr-queue cos-map 3 3 6 7
 wrr-queue cos-map 4 5
 priority-queue out
 spanning-tree portfast
 service-policy input AutoQoS-Police-SoftPhone
!
interface FastEthernet0/5
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/6
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/7
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/8
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/9
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/10
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/11
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/12
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/13
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/14
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/15
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/16
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/17
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/18
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/19
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/20
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/21
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/22
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/23
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/24
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/25
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/26
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/27
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/28
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/29
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/30
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/31
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/32
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/33
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/34
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/35
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/36
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/37
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/38
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/39
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/40
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/41
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/42
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/43
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/44
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/45
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/46
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/47
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/48
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface GigabitEthernet0/1
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface GigabitEthernet0/2
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface Vlan1
 description UNUSED
 no ip address
 shutdown
!
interface Vlan65
 ip address 10.1.65.1 255.255.255.0
!
interface Vlan67
 ip address 10.1.67.1 255.255.255.0
!
interface Vlan68
 ip address 10.1.68.1 255.255.255.0
!
router eigrp 100
 network 10.1.1.0 0.0.0.255
 network 10.1.64.0 0.0.7.255
 network 10.1.252.0 0.0.3.255
 passive-interface default
 no passive-interface FastEthernet0/1
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.1.253.2
no ip http server
ip http authentication local
ip http secure-server
!
ip sla enable reaction-alerts
logging trap notifications
logging facility local2
logging source-interface Loopback0
logging 10.1.66.2
!
control-plane
!
banner login ^C####Unauthorized Access is Prohibited####^C
!
line con 0
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 width 85
 transport output telnet
line vty 0 4
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 length 0
 width 85
 transport input ssh
line vty 5 15
 exec-timeout 30 0
 privilege level 15
 logging synchronous
 width 85
 transport input ssh
!
ntp clock-period 17180370
ntp source Loopback0
ntp server 10.1.1.3
end
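The switch listings above can be reviewed mechanically for the hardening choices they show (port security on active access ports, unused ports shut down in VLAN 666, SSH-only vty lines). The script below is an added example, not part of the original project: the rule names, the `audit` and `parse_blocks` functions and the sample excerpt are constructed here, and it assumes the configuration is indented the way `show running-config` prints it.

```python
import re

# Constructed excerpt modelled on the switch listings above. The type 7 string
# is a placeholder, and FastEthernet0/6 and "line vty 5 15" are deliberately
# weakened so that every rule has something to report.
SAMPLE_CONFIG = """\
service password-encryption
ip ftp username jadlon
ip ftp password 7 <TYPE7-PLACEHOLDER>
ip ssh version 2
!
interface FastEthernet0/1
 description Point-to-Point uplink
 no switchport
!
interface FastEthernet0/2
 description Cisco IP Phone 7940
 switchport access vlan 67
 switchport mode access
 switchport voice vlan 65
 switchport port-security maximum 2
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/4
 description CUCM Server (Cluster 2)
 switchport access vlan 67
 switchport mode access
!
interface FastEthernet0/5
 description UNUSED
 switchport access vlan 666
 switchport mode access
 shutdown
!
interface FastEthernet0/6
 description UNUSED
 switchport access vlan 1
 switchport mode access
!
line con 0
 privilege level 15
 transport output telnet
line vty 0 4
 privilege level 15
 transport input ssh
line vty 5 15
 transport input telnet ssh
!
end
"""


def parse_blocks(text):
    """Group a running-config into (header, [sub-commands]) by indentation."""
    blocks = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        else:
            blocks.append((line, []))
    return blocks


def audit(text, parking_vlan="666"):
    """Return (rule, where) findings for an indented IOS running-config."""
    findings = []
    for header, subs in parse_blocks(text):
        # Type 7 is a reversible encoding, not a hash: treat the value as exposed.
        for line in [header] + subs:
            m = re.match(r"(.*\bpassword) 7 \S+", line)
            if m:
                findings.append(("TYPE7_PASSWORD", m.group(1)))
        if header.startswith("interface "):
            name = header.split()[1]
            down = "shutdown" in subs
            if any(s.lower() == "description unused" for s in subs):
                if not down:
                    findings.append(("UNUSED_NOT_SHUTDOWN", name))
                if f"switchport access vlan {parking_vlan}" not in subs:
                    findings.append(("UNUSED_NOT_PARKED", name))
            elif ("switchport mode access" in subs and not down
                  and "switchport port-security" not in subs):
                findings.append(("NO_PORT_SECURITY", name))
        elif header.startswith("line "):
            for s in subs:
                # Every session on this line starts at privilege 15.
                if s == "privilege level 15":
                    findings.append(("LINE_PRIV15", header))
                m = re.match(r"transport (input|output) (.+)", s)
                if m and {"telnet", "all"} & set(m.group(2).split()):
                    findings.append(("TELNET_" + m.group(1).upper(), header))
    return findings


if __name__ == "__main__":
    for rule, where in audit(SAMPLE_CONFIG):
        print(f"{rule:20} {where}")
```

Findings are review prompts rather than verdicts: a server port without port security, for example, may be a deliberate choice that should simply be documented.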

Verification & Testing

Verification of Functionality
show ip interface brief Verification that all interfaces are in an up/up state.

Note: Interface VLAN 68 shows a protocol status of down because it is in the Lab subnet, which is currently unused.

show vlan brief Verification that all VLANs are present, active, and contain the appropriate interfaces.

show ip route Verification that all routes are present in the routing table.

show ip protocol Verification of running routing protocol.

show ip eigrp neighbors Verification of EIGRP neighbor adjacencies.

show ip nat statistics & show ip nat translations Verification of Network Address Translation.

show isdn status (if CUCM is handling connections) Verification that PSTN connection is fully operational. Layer 2 state should read: MULTIPLE_FRAME_ESTABLISHED. L3 protocol = CCM MANAGER confirms that CUCM is handling all L3 communication across the T1 link. Because of this, Layer 3 Status will always show 0 Active Layer 3 Call(s).

show isdn status (if router is handling connections) Verification that PSTN connection is fully operational. Layer 2 state should read: MULTIPLE_FRAME_ESTABLISHED. If the CUCM servers are offline, and the router is handling all L3 communication across the T1 link, then Layer 3 Status will reflect the current number of active calls.

show controllers T1 Verification that T1 is in an up operational state.

show crypto ipsec sa & show crypto isakmp sa Verification of Point-to-Point VPN tunnel. Make certain packet encryption/decryption counters are increasing, and ISAKMP SA status is ACTIVE, to verify functionality.
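"Counters are increasing" can only be judged from two readings taken some time apart. The script below is an added example, not part of the original project, that compares two `show crypto ipsec sa` snapshots and one `show crypto isakmp sa` listing; the sample outputs, addresses, crypto map name and function names are constructed for illustration.

```python
import re

COUNTERS = ("encrypt", "decrypt", "send errors", "recv errors")


def sa_sample(encrypt, decrypt, send_errors=0):
    """Constructed `show crypto ipsec sa` excerpt (addresses and map name are made up)."""
    return (
        "interface: FastEthernet0/0\n"
        "    Crypto map tag: EXAMPLE_MAP, local addr 192.0.2.1\n"
        f"    #pkts encaps: {encrypt}, #pkts encrypt: {encrypt}, #pkts digest: {encrypt}\n"
        f"    #pkts decaps: {decrypt}, #pkts decrypt: {decrypt}, #pkts verify: {decrypt}\n"
        f"    #send errors {send_errors}, #recv errors 0\n"
    )


# Constructed `show crypto isakmp sa` listings: one healthy, one torn down.
ISAKMP_OK = (
    "IPv4 Crypto ISAKMP SA\n"
    "dst             src             state          conn-id status\n"
    "192.0.2.2       192.0.2.1       QM_IDLE           1001 ACTIVE\n"
)
ISAKMP_DELETED = ISAKMP_OK.replace(
    "QM_IDLE           1001 ACTIVE", "MM_NO_STATE          0 ACTIVE (deleted)"
)


def ipsec_counters(output):
    """Sum each counter over every SA block found in the output."""
    totals = {}
    for name in COUNTERS:
        pattern = rf"#(?:pkts )?{re.escape(name)}:? (\d+)"
        totals[name] = sum(int(n) for n in re.findall(pattern, output))
    return totals


def isakmp_peers(output):
    """Return {(dst, src): (state, status)} for each row of the SA table."""
    row = re.compile(
        r"\s*(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\d+)\s+(.+?)\s*$"
    )
    peers = {}
    for line in output.splitlines():
        m = row.match(line)
        if m:
            peers[(m.group(1), m.group(2))] = (m.group(3), m.group(5))
    return peers


def check_tunnel(before, after, isakmp):
    """Return a list of problems; an empty list means the tunnel passes the check."""
    problems = []
    b, a = ipsec_counters(before), ipsec_counters(after)
    for name in ("encrypt", "decrypt"):
        if a[name] <= b[name]:
            problems.append(f"{name} counter not increasing ({b[name]} -> {a[name]})")
    for name in ("send errors", "recv errors"):
        if a[name] > b[name]:
            problems.append(f"{name} increased ({b[name]} -> {a[name]})")
    peers = isakmp_peers(isakmp)
    if not peers:
        problems.append("no ISAKMP SA present")
    for (dst, src), (state, status) in peers.items():
        # "ACTIVE (deleted)" must not pass as ACTIVE, so compare the whole field.
        if status != "ACTIVE":
            problems.append(f"ISAKMP SA {src} -> {dst} is {status} ({state})")
    return problems


if __name__ == "__main__":
    print(check_tunnel(sa_sample(1520, 1498), sa_sample(1610, 1498), ISAKMP_OK))
```

An encrypt counter that rises while decrypt stays flat, as in the call at the bottom, means traffic is leaving through the tunnel but nothing protected is coming back, which a single snapshot would not reveal.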

show ccm-manager & show mgcp endpoint Verification of CUCM MGCP connection, and endpoint operational status.

show voice port summary Verification of voice port status.

debug isdn q931 Verification of successful call across PSTN connection, and which channel is being used.

show telephony-service Verification of CUCM Express configuration on routers.

show ephone registered Verification of IP Phone registration when failing over to SRST.

Phone Registration Status Verification that all IP Phones have successfully registered with the CUCM servers.

MGCP Gateway Registration Status Verification that all MGCP gateway endpoints have successfully registered with the CUCM servers.

Inter-Cluster Calling Verification that IP phones are able to call across CUCM clusters.

Connecting to Voicemail Verification that IP Phones can connect to their appropriate Unity Connection mailboxes.

SRST Failover Verification that IP Phones failover to the CUCME routers using SRST.

SRST Inter-Cluster Calling Verification that IP Phones can call across clusters while in SRST mode.

Ping Tests
Default Gateway Test Successful pings to all default gateways.

Internet Connectivity Test Successful pings to several internet servers for proof of connectivity and DNS lookup.

Local Server Test Successful pings to all internal servers to test connectivity.

Network Device Test Successful pings to all network devices (routers, switches, etc.) to test connectivity.

Wireshark Capture
By analyzing a Wireshark capture made as a call is placed between two phones, lots of information can be viewed about the process. Below are just some of the packets sent between the CUCM servers and the IP Phones.

An OffHookMessage when the initial phone was picked up.

A DialedNumberMessage when the destination number was entered into the phone.

A CallInfoMessage stating the Calling/Called party numbers and names.

A StartMediaTransmission packet indicating the voice channel is open (including what codec is being used).

And a StopMediaTransmission packet when the call is over.

Additionally, under Telephony > VoIP Calls the different calls that have taken place can be viewed. Some calls can even be listened to if the audio wasn't encrypted during transit, it's in a format Wireshark understands, and the RTP packets have been made accessible to Wireshark.

Note: The Skinny Client Control Protocol (SCCP) handles all communication between the phones and the CUCM servers; however, once the call is initiated the Reliable Transport Protocol (RTP) takes over and establishes a two-way communication channel between the phones. At this point the CUCM servers are no longer needed for the phone call to stay active; in fact, both CUCM servers could go offline and the call wouldn't be dropped. Wireshark is unable to see any of the RTP packets (which carry the audio) because it is only capturing traffic traveling to and from the servers. Setting up a Switchport Analyzer (SPAN) session on the switches, and sending all traffic from the phone interfaces to the PC interface, would permit Wireshark to see the RTP packets. Warning: only attempt this if the switch being used can handle the extra traffic generated by the SPAN session.
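The signaling sequence described above can be followed without Wireshark by framing the SCCP byte stream directly. The script below is an added example, not part of the original project: it reassembles SCCP frames from TCP segments, names the five messages listed above, and reports whether a media channel is currently open. The class and function names, the length bound, and the zero-filled payloads are constructed for illustration.

```python
import struct

# Message IDs of the five SCCP messages named in the capture walk-through.
SCCP_NAMES = {
    0x0006: "OffHookMessage",
    0x011D: "DialedNumberMessage",
    0x008F: "CallInfoMessage",
    0x008A: "StartMediaTransmission",
    0x008B: "StopMediaTransmission",
}
MAX_LEN = 4096  # sanity bound on the declared length (value assumed here)


def frame(msg_id, payload=b""):
    """Build one frame: length (counts message ID + payload), header version, message ID."""
    return struct.pack("<III", 4 + len(payload), 0, msg_id) + payload


class SccpStream:
    """Reassembles SCCP frames from TCP segments that split or merge messages."""

    def __init__(self):
        self.buf = b""
        self.events = []

    def feed(self, segment):
        self.buf += segment
        while len(self.buf) >= 12:
            length, _version, msg_id = struct.unpack_from("<III", self.buf)
            if not 4 <= length <= MAX_LEN:
                raise ValueError(f"implausible SCCP length {length}")
            end = 8 + length
            if len(self.buf) < end:
                break  # rest of this message arrives in a later segment
            # IDs outside the table are kept, shown as hex, so nothing is dropped.
            self.events.append(SCCP_NAMES.get(msg_id, f"0x{msg_id:04X}"))
            self.buf = self.buf[end:]
        return self.events


def media_open(events):
    """True while a StartMediaTransmission has no matching StopMediaTransmission."""
    depth = 0
    for name in events:
        if name == "StartMediaTransmission":
            depth += 1
        elif name == "StopMediaTransmission" and depth:
            depth -= 1
    return depth > 0


# Constructed stream: payloads are zero-filled placeholders, not real field layouts.
SAMPLE_STREAM = (
    frame(0x0006)
    + frame(0x011D, bytes(24))
    + frame(0x008F, bytes(64))
    + frame(0x0100)            # an ID not in the table above
    + frame(0x008A, bytes(40))
    + frame(0x008B, bytes(8))
)

if __name__ == "__main__":
    stream = SccpStream()
    stream.feed(SAMPLE_STREAM[:20])   # segment boundary falls inside the second message
    print(stream.feed(SAMPLE_STREAM[20:]))
```

The interval in which `media_open` is true is when RTP should be flowing between the phones, which is the traffic a capture taken at the server does not contain.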

Project Weekly Journals

Week ending: January 31, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
1/26/2014 | 8:00pm | 11:00pm | Researched configuration of VWIC-1MFT-T1 controller cards | 3.00
1/27/2014 | 2:00pm | 2:30pm | Purchased Cisco 7960 IP Phones (x2) to replace older 7910s | 0.50
1/29/2014 | 12:00pm | 3:00pm | Worked on IP Address, VLAN, and Interface Assignments | 3.00
1/31/2014 | 2:00pm | 2:15pm | Researched how to reset Cisco 7960 IP Phones to factory default | 0.25
1/31/2014 | 8:00pm | 9:30pm | Configured WAP & Access Server | 1.50
1/31/2014 | 10:00pm | 11:45pm | Configured 2801 for basic connectivity, CBAC, & NAT | 1.75
Total Hours This Week: 10.00
Total Hours to Date: 10.00

Journal Details:
1/26/2014
Researched configuration of VWIC-1MFT-T1 controller cards
  o Searched for configuration examples to create PSTN connection using T1 voice controller cards.
  o Found useful information at: http://supportforums.cisco.com/thread/2150557
  o Successfully tested configuration and established a PSTN connection between two routers.

1/27/2014
Purchased Cisco 7960 IP Phones (x2) to replace older 7910s
  o eBay item: Cisco Systems IP Phone 7960 Series CP-7960G Network Phone (Item#: 191028975027)
  o Total Cost: $29.24 ($10/phone + S/H)

1/29/2014
Worked on IP Address, VLAN, and Interface Assignments
  o Built an Excel spreadsheet to document IP Addressing Scheme.
  o Assigned subnets to different VLANs. (e.g. Data, Voice, Mgmt., etc.)
  o Assigned IP Addresses to appropriate ports. (Physical and VLAN Interfaces)

1/31/2014
Researched how to reset Cisco 7960 IP Phones to factory default
  o Found instructions at: http://www.cisco.com/en/US/products/hw/phones/ps379/products_tech_note09186a00800941bb.shtml
  o Used instructions to successfully reset phones to factory default settings.
Configured WAP & Access Server
  o Configured D-Link DIR-601 to serve as a Wireless AP. (Set device IP Address, Disabled DHCP, etc.)
  o Configured Access Server with appropriate commands to establish connectivity + disabled certain services to make device more secure.
Configured 2801 for basic connectivity, CBAC, & NAT
  o Set up 2801 for basic connectivity.
  o Disabled certain services to improve security and enabled CBAC (Context-based Access Control).
  o Configured NAT to establish internet connection through cable modem.

Week ending: February 7, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
2/1/2014 | 11:30am | 1:00pm | Installed Linux & Windows OSs in VMware Workstation | 1.50
2/1/2014 | 2:00pm | 3:00pm | Installed CUCM in VMware Workstation | 1.00
2/1/2014 | 3:00pm | 4:00pm | Installed Cisco Unity Connection in VMware Workstation | 1.00
2/1/2014 | 4:00pm | 7:00pm | Promoted Windows Server to a DC, configured DHCP, etc. | 3.00
2/1/2014 | 10:00pm | 12:00am | Configured phones to register with CUCM, enabled SRST | 2.00
2/3/2014 | 12:00am | 4:30am | Began Working on Initial Project Documentation | 4.50
2/3/2014 | 12:00pm | 2:30pm | Configured voicemail settings through CUCM & CUC | 2.50
2/3/2014 | 2:30pm | 3:00pm | Configured Windows Server 2012 as a DNS server | 0.50
2/3/2014 | 6:00pm | 7:00pm | Removed CBAC firewall and instead implemented a ZBF | 1.00
2/5/2014 | 10:00am | 6:00pm | Continued Working on Project Documentation | 8.00
Total Hours This Week: 25.00
Total Hours to Date: 35.00

Journal Details:
2/1/2014
Installed Linux & Windows OSs in VMware Workstation
  o Set up VMware to install Ubuntu Server, Kali Linux, Windows Server, and Windows 7
  o Installed and fully updated all operating systems
Installed CUCM in VMware Workstation
  o Set up VMware to install CUCM
  o Installed and set up Cisco Unified Communications Manager
Installed Cisco Unity Connection in VMware Workstation
  o Set up VMware to install CUC
  o Installed and set up Cisco Unity Connection
Promoted Windows Server to a DC, configured DHCP, etc.
  o Made Windows Server 2012 into a Domain Controller for the network (had Windows 7 VM join domain)
  o Configured DHCP on the Cisco 3550 switches to provide addressing for the network.
  o Performed additional configuration/troubleshooting to establish connectivity between devices.
Configured phones to register with CUCM, enabled SRST
  o Successfully got all IP phones to register with CUCM server.
  o Used CCP to configure RTR_2801 for SRST failover.
  o Made appropriate changes in CUCM to tell phones the IP address of RTR_2801.

2/3/2014
Began Working on Initial Project Documentation
  o Created Title Page, began creating individual sections describing initial configuration of devices.
  o Began creating sections describing more advanced configuration of devices.
Configured voicemail settings through CUCM & CUC
  o Successfully got voicemail functioning through Cisco Unity Connection.
Configured Windows Server 2012 as a DNS server
  o Enabled Windows Server for DNS, created forward/reverse lookup zones to translate hostnames into their proper IP Addresses.
Removed CBAC firewall and instead implemented a ZBF
  o Manually removed configuration for CBAC firewall on RTR_2801, and instead used CCP to implement a basic Zone-Based Firewall.

2/5/2014
Continued Working on Project Documentation + Raspberry Pi
  o Added more sections and screenshots to project documentation relating to Windows/Linux OS configuration.
  o Went through processes of Service Activation, Device Pool Creation, and IP Phone Setup to capture screenshots and fully document the steps.

Week ending: February 14, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
2/8/2014 | 10:00am | 1:00pm | Documented Unity Connection voicemail configuration | 3.00
2/8/2014 | 1:00pm | 2:00pm | Researched and configured LDAP syncing w/ Active Directory | 1.00
2/8/2014 | 2:00pm | 6:00pm | Researched and configured MGCP Gateway configuration | 4.00
2/10/2014 | 1:00am | 4:00am | Documented & setup Phone Features (Call Park & Call Pickup) | 3.00
2/10/2014 | 12:00pm | 1:00pm | Created Table of Contents for documentation | 1.00
2/10/2014 | 3:00pm | 4:00pm | Configured Display & Line Text through CUCM | 1.00
2/11/2014 | 12:00am | 2:00am | Configured the Intercom feature through CUCM | 2.00
2/11/2014 | 12:00pm | 2:00pm | Configured Site-to-Site VPN between routers | 2.00
Total Hours This Week: 17.00
Total Hours to Date: 52.00

Journal Details:
2/8/2014
Documented Unity Connection voicemail configuration
  o Went through setup of CUCM & CUC for voicemail, properly captured screenshots, and documented the steps.
Researched and configured LDAP syncing w/ Active Directory
  o Researched the configuration of LDAP in CUCM and CUC.
  o Successfully set up LDAP sync between CUCM/CUC and Active Directory.
  o Documented steps required to get LDAP working.
Researched and configured MGCP Gateway configuration
  o Researched configuration of MGCP gateways in CUCM.
  o Properly configured T1 & FXS ports w/ MGCP.
  o Documented steps required to get MGCP working.

2/10/2014
Documented & setup Phone Features (Call Park & Call Pickup)
  o Configured Call Park & Pickup in CUCM.
  o Documented steps required to get features working.
Created Table of Contents for documentation
  o Created preliminary Table of Contents for project documentation.
Configured Display & Line Text through CUCM
  o Set display text for Internal Caller ID.
  o Set line text to display the user's name on their IP Phones.

2/11/2014
Configured the Intercom feature through CUCM
  o Created Intercom Partition, Calling Search Space, and Directory Numbers.
  o Assigned DNs to phones, and was able to successfully create an Intercom connection.
Configured Site-to-Site VPN between routers
  o Set up a Site-to-Site VPN between RTR_2801 and RTR_2620XM to encrypt all traffic traversing the WAN link.

Week ending: February 21, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
2/15/2014 | 12:00pm | 3:00pm | Added SRST to RTR_2620XM to increase redundancy | 3
2/16/2014 | 12:00pm | 11:00pm | Converted to a CUCM Multisite Deployment | 11
2/17/2014 | 2:00am | 4:00am | Created route patterns to call across WAN and PSTN links | 2
2/19/2014 | 6:00pm | 7:00pm | Purchased and Installed a second NIC in PC | 1
2/20/2014 | 11:00am | 4:00pm | Watched CBT Nuggets - CCNP Voice CIPT1 v8.0 videos | 5
2/21/2014 | 12:00pm | 3:00pm | Watched CBT Nuggets - CCNP Voice CIPT1 v8.0 videos | 3
Total Hours This Week: 25.00
Total Hours to Date: 77.00

Journal Details:
2/15/2014
Added SRST to RTR_2620XM to increase redundancy
  o Configured SRST on RTR_2620XM to increase redundancy if communication to CUCM server is lost.

2/16/2014
Converted to a CUCM Multisite Deployment
  o Added a second CUCM server to create a Distributed Multisite deployment; created an Inter-Cluster trunk to call between clusters.

2/17/2014
Created route patterns to call across WAN and PSTN links
  o Route groups, lists, and patterns were all used to call from one CUCM server to the other.

2/19/2014
Purchased and Installed a second NIC in PC
  o Purchased and installed a second Network Interface Card to bridge Virtual Machines to MLS_3550_B.

2/20/2014
Watched CBT Nuggets - CCNP Voice CIPT1 v8.0 videos
  o Began watching CBT Nuggets videos to better understand the more advanced configuration options within CUCM.

2/21/2014
Watched CBT Nuggets - CCNP Voice CIPT1 v8.0 videos
  o Continued watching CBT Nuggets videos to better understand the more advanced configuration options within CUCM.

Week ending: February 28, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
2/23/2014 | 11:00am | 4:00pm | Watched CBT Nuggets - CCNP Voice CIPT1 v8.0 videos | 5
2/25/2014 | 12:00pm | 3:00pm | Worked on project documentation | 3
Total Hours This Week: 8.00
Total Hours to Date: 85.00

Journal Details:
2/23/2014
Watched CBT Nuggets - CCNP Voice CIPT1 v8.0 videos
  o Continued watching CBT Nuggets videos to better understand the more advanced configuration options within CUCM.

2/25/2014
Worked on project documentation
  o Continued working on documentation for project binder.

Week ending: March 07, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
3/4/2014 | 10:00am | 3:00pm | Watched CBT Nuggets - CCNP Voice CIPT2 v8.0 videos | 5
3/6/2014 | 4:00pm | 6:00pm | Watched CBT Nuggets - CCNP Voice CIPT2 v8.0 videos | 2
3/7/2014 | 12:00pm | 1:00pm | Worked on documentation for trunks, gateways, and dial plans | 1
Total Hours This Week: 8.00
Total Hours to Date: 93.00

Journal Details:
3/4/2014
Watched CBT Nuggets - CCNP Voice CIPT2 v8.0 videos
  o Watched CBT Nuggets videos to better understand the more advanced configuration options within CUCM Multisite Deployments.

3/6/2014
Watched CBT Nuggets - CCNP Voice CIPT2 v8.0 videos
  o Continued watching CBT Nuggets videos to better understand the more advanced configuration options within CUCM Multisite Deployments.

3/7/2014
Worked on documentation for trunks, gateways, and dial plans
  o Continued working on documentation for project binder.

Week ending: March 14, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
3/12/2014 | 1:00pm | 8:00pm | Worked on project documentation | 7
Total Hours This Week: 7.00
Total Hours to Date: 100.00

Journal Details:
3/12/2014
Worked on project documentation
  o Continued working on documentation for project binder.

Week ending: March 21, 2014
Journal Summary:

Date | Start Time | End Time | Description | Total Hours
3/15/2014 | 1:00pm | 10:00pm | Implemented SRST and worked on project documentation | 9
3/16/2014 | 12:00pm | 4:00pm | Began verification/testing and worked on project documentation | 4
3/17/2014 | 12:00pm | 3:00pm | Cont. verification/testing and worked on project documentation | 3
3/19/2014 | 12:00pm | 4:00pm | Continued working on project documentation | 4
Total Hours This Week: 20.00
Total Hours to Date: 120.00

Journal Details:
3/15/2014
Implemented SRST and worked on project documentation
  o Implemented advanced SRST using the CUCM Express functionality of the routers.
  o Continued working on documentation for project binder.
  o Additionally, finally got calls placed across the PSTN connection to work correctly.

3/16/2014
Began verification/testing and worked on project documentation
  o Began issuing various show commands to verify functionality.
  o Continued working on documentation for project binder.

3/17/2014
Cont. verification/testing and worked on project documentation
  o Continued issuing various show commands, etc. to verify functionality.
  o Continued working on documentation for project binder.

3/19/2014
Continued working on project documentation
  o Continued working on documentation for project binder.

Project Summary & References

Project Summary
Initial Configuration
All devices received an initial configuration to enable basic network connectivity. This included IP Addressing, EIGRP, DHCP, NAT, and VLANs.

Security
Security was enabled to protect the network from internal and external threats. This included the configuration of AAA, Port Security, and SSH. A basic Zone-Based Firewall was also enabled to permit communication to the outside, while limiting communication from the outside to the internal network. Additionally, a site-to-site VPN tunnel was created between the two sites for added security.

VMware
VMware was used as the primary method of Operating System and Server virtualization. Several Windows and Linux machines were virtualized, as well as CUCM and CUC, to create a fully functional network infrastructure.

CUCM Distributed Multisite Deployment
A distributed multisite deployment was created using Cisco Unified Communications Manager. Two CUCM clusters, separated by a WAN link, created two distinct sites each with their own server. Each server handles a separate group of phones, thus increasing redundancy and efficiency across the network.

Voicemail with Cisco Unity Connection
Two separate CUC servers were configured to provide voicemail functionality to the different CUCM clusters. Each group of phones contacts a different server when checking voicemail. Messages can be left and received by pressing the Messages button on each IP Phone, or by dialing 5600 or 5700, depending on which cluster the phone is in. The analog phones can also use the voicemail services by dialing 5700.

Lightweight Directory Access Protocol
LDAP was used to enable syncing of the Microsoft Active Directory user database to both the CUCM and CUC servers. This permits the creation of a single user account within Windows Server, and enables it to be used on all CUCM and CUC servers.

Media Gateway Control Protocol
MGCP was used to simplify the configuration of the voice gateways. All required T1 controllers and FXS ports were successfully configured using MGCP. Both CUCM servers could then use the T1 ports on the routers to connect over a PSTN style connection. This connection is used as a backup should the WAN link fail.

Phone Features
Various phone features were configured on the CUCM servers. These features include: Call Park, Call Pickup, Display & Line Text, and Intercom.

Inter-Cluster Trunks
An Inter-Cluster Trunk was configured between the two CUCM servers. This permits calling between different clusters over the WAN link.

Creating a CUCM Route Plan
A Route Plan was created telling the phones to use the WAN link as a primary path, then if the WAN link fails use the PSTN connection as a backup.

Survivable Remote Site Telephony
SRST was implemented to use the CUCM Express functionality of both routers as a backup should the CUCM servers go offline. Dial-Peers were then configured to permit all phones to reach each other even if the WAN link fails, and/or the CUCM servers go offline.

Verification & Testing
All devices were tested for connectivity, and each phone was tested for functionality. Show Commands, Pings, and Wireshark captures were used to verify everything is working as it should.

Project References
CBT Nuggets (Producer). (2011, Oct. 19). CCNA Voice ICOMM 640-461 by Jeremy Cioara [Video Series]. Retrieved from http://www.cbtnuggets.com/

CBT Nuggets (Producer). (2012, Nov. 12). CCNP Voice CVOICE v8.0 642-437 by Jeremy Cioara [Video Series]. Retrieved from http://www.cbtnuggets.com/

CBT Nuggets (Producer). (2013, Mar. 21). CCNP Voice CIPT1 v8.0 642-447 by Jeremy Cioara [Video Series]. Retrieved from http://www.cbtnuggets.com/

CBT Nuggets (Producer). (2013, Nov. 20). CCNP Voice CIPT2 v8.0 642-457 by Jeremy Cioara [Video Series]. Retrieved from http://www.cbtnuggets.com/

Cioara, J., & Valentine, M. (2012). CCNA Voice 640-461: Official Certification Guide (2nd Ed.). Indianapolis, IN: Cisco Press.

Empson, S. (2013). CCNA Routing and Switching Portable Command Guide (3rd Ed.). Indianapolis, IN: Cisco Press.

Finke, J., & Hartmann, D. (2012). Implementing Cisco Unified Communications Manager, Part 1 (CIPT1) Foundation Learning Guide (2nd Ed.). Indianapolis, IN: Cisco Press.

Olsen, C. (2012). Implementing Cisco Unified Communications Manager, Part 2 (CIPT2) Foundation Learning Guide (2nd Ed.). San Jose, CA: Cisco Press.

Wallace, K. (2011). Implementing Cisco Unified Communications Voice over IP and QoS (CVOICE) Foundation Learning Guide (4th Ed.). Indianapolis, IN: Cisco Press.
